LNK or Swim: Analysis & Simulation of Recent LNK Phishing
LNK files are a common starting point for many phishing campaigns. Read on to strengthen your defenses against these LNK file phishing attacks.
Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 2
Leverage the power of Splunk to ingest, visualize, and analyze AppLocker events, enabling you to gain valuable insights and strengthen your organization's security posture.
Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 1
The Splunk Threat Research Team provides a comprehensive overview of AppLocker and guidance for getting started with AppLocker policies
Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP
The Splunk Threat Research Team explores how Splunk can help you identify and investigate CVE-2024-4040 exploitation in your CrushFTP environment.
Splunk Security Content for Threat Detection & Response: Q1 Roundup
Learn about the latest security content from Splunk.
Previous Security Content Roundups from the Splunk Threat Research Team (STRT)
Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Splunk Tools & Analytics To Empower Threat Hunters
Calling all threat hunters! This article dives into the many Splunk tools and analytics that can help threat hunters in their day-to-day hunting activities.
Hunting M365 Invaders: Dissecting Email Collection Techniques
The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
From Water to Wine: An Analysis of WINELOADER
In this blog post we'll look closely at the WINELOADER backdoor and how Splunk can be used to detect and respond to this threat.
Under the Hood of SnakeKeylogger: Analyzing its Loader and its Tactics, Techniques, and Procedures
In this blog, the Splunk Threat Research Team provides valuable insights to enable security analysts and blue teamers to defend and be aware of these scam tactics.
Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199
The Splunk Threat Research Team examines exploit operations, analytics, hunting queries, and tips on capturing TeamCity logs.
Unveiling Phemedrone Stealer: Threat Analysis and Detections
The Splunk Threat Research Team dissects the Phemedrone Stealer.
Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard
The Splunk Threat Research Team outlines the attack chain detailed in the Microsoft blog, offering practical detection and hunting tips for cybersecurity defenders.
Another Year of RATs and Trojan Stealer: Detection Commonalities and Summary
The Splunk Threat Research Team shares analysis, analytic stories and security detections for seven well-known RAT and Trojan Stealer malware families.
Security Insights: Jenkins CVE-2024-23897 RCE
In response to CVE-2024-23897, the Splunk Threat Research Team has developed new security detections and hunting queries to support defenders.
Security Insights: Tracking Confluence CVE-2023-22527
In response to CVE-2023-22527, the Splunk Threat Research Team has developed new security detections to support defenders.
Security Insights: Investigating Ivanti Connect Secure Auth Bypass and RCE
The Splunk Threat Research Team has swiftly developed Splunk analytics and hunting queries, helping defenders quickly adapt and respond to emerging threats CVE-2023-46804 and CVE-2024-21887.
Enter The Gates: An Analysis of the DarkGate AutoIt Loader
The Splunk Threat Research Team (STRT) provides a deep dive analysis of the DarkGate malware and its use of AutoIt.
