false
Splunk Threat Research Team

Splunk Threat Research Team

 

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 3 Min Read

Splunk Security Content for Threat Detection & Response: Q3 Roundup

Learn about the latest security content from Splunk.
Security 11 Min Read

Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion

The Splunk Threat Research Team dives into the Okta policy bypass vulnerability, offering detection insights and effective hunting strategies for security teams.
Security 10 Min Read

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

The Splunk Research Team dissects the technical intricacies of the CosmicSting vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Security 10 Min Read

Cracking Braodo Stealer: Analyzing Python Malware and Its Obfuscated Loader

The Splunk Threat Research Team break down Braodo Stealer's loader mechanisms, obfuscation strategies, and payload behavior.
Security 12 Min Read

ValleyRAT Insights: Tactics, Techniques, and Detection Methods

The Splunk Threat Research Team conducts an analysis for several variants of ValleyRAT’s malware samples to extract its MITRE ATT&CK tactics, techniques, and procedures (TTPs).
Security 3 Min Read

Introducing Splunk Attack Range v3.1

The Splunk Threat Research Team is happy to release v3.1 of Splunk Attack Range.
Security 14 Min Read

PowerShell Web Access: Your Network's Backdoor in Plain Sight

The Splunk Threat Research Teams dives deep into PowerShell Web Access (PSWA) exploring its functionality within the context of cyber threats.
Security 11 Min Read

My CUPS Runneth Over (with CVEs)

This blog dissects the technical intricacies of the CUPS vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Security 17 Min Read

Handala’s Wiper: Threat Analysis and Detections

Cisco Talos and the Splunk Threat Research Team provide a comprehensive analysis that expands on existing coverage of Handala's Wiper and offers unique insights.
Security 13 Min Read

ShrinkLocker Malware: Abusing BitLocker to Lock Your Data

The Splunk Threat Research Team shares their findings and methodologies to aid the cybersecurity community in combating ShrinkLocker effectively.
Security 8 Min Read

The Final Shell: Introducing ShellSweepX

The Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.
Security 12 Min Read

Previous Security Content Roundups from the Splunk Threat Research Team (STRT)

Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Security 6 Min Read

AcidPour Wiper Malware: Threat Analysis and Detections

The Splunk Threat Research Team provides an analysis of AcidPour and how to use Splunk’s out-of-the-box security content to help defend against this wiper malware.
Security 4 Min Read

Splunk Security Content for Impact Assessment of CrowdStrike Windows Outage

This blog is intended to help existing Splunk customers who are also customers of CrowdStrike gain visibility into how the CrowdStrike outage may be impacting their organizations.
Security 8 Min Read

Breaking Down Linux.Gomir: Understanding this Backdoor’s TTPs

The Splunk Threat Research Team provides an analysis of Linux.Gomir to help security analysts, blue teamers and Splunk customers defend against this threat.
Security 14 Min Read

Introducing ShellSweepPlus: Open-Source Web Shell Detection

Detect web shells easily with ShellSweepPlus, an open-source tool for detecting potential web shells. Learn how ShellSweepPlus works and how to use it here.
Security 9 Min Read

regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability

CVE-2024-6387, aka "regreSSHion", exposes Linux environments to remote unauthenticated code execution. Learn how to handle this CVE here.
Security 8 Min Read

LNK or Swim: Analysis & Simulation of Recent LNK Phishing

LNK files are a common starting point for many phishing campaigns. Read on to strengthen your defenses against these LNK file phishing attacks.