Splunk Threat Research Team


The Splunk Threat Research Team is an active part of a customer’s overall defense strategy, enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen their operations by providing tactical guidance and insights to detect, investigate, and respond to the latest threats. The team focuses on understanding how threats, actors, and vulnerabilities work; it replicates attacks and stores the resulting telemetry as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day-to-day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community through conference talks, open-source projects, white papers, and blogs. You will also find us presenting our research at conferences such as DEF CON, Black Hat, RSA, and many more.


Read more Splunk Security Content

Security 12 Min Read

ValleyRAT Insights: Tactics, Techniques, and Detection Methods

The Splunk Threat Research Team analyzes several variants of ValleyRAT malware samples to extract their MITRE ATT&CK tactics, techniques, and procedures (TTPs).
Security 3 Min Read

Introducing Splunk Attack Range v3.1

The Splunk Threat Research Team is happy to release v3.1 of Splunk Attack Range.
Security 14 Min Read

PowerShell Web Access: Your Network's Backdoor in Plain Sight

The Splunk Threat Research Team dives deep into PowerShell Web Access (PSWA), exploring its functionality and how it can be abused in the context of cyber threats.
Security 11 Min Read

My CUPS Runneth Over (with CVEs)

This blog dissects the technical intricacies of the CUPS vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Security 17 Min Read

Handala’s Wiper: Threat Analysis and Detections

Cisco Talos and the Splunk Threat Research Team provide a comprehensive analysis that expands on existing coverage of Handala's Wiper and offers unique insights.
Security 13 Min Read

ShrinkLocker Malware: Abusing BitLocker to Lock Your Data

The Splunk Threat Research Team shares their findings and methodologies to aid the cybersecurity community in combating ShrinkLocker effectively.
Security 8 Min Read

The Final Shell: Introducing ShellSweepX

The Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.
Security 3 Min Read

Splunk Security Content for Threat Detection & Response: Q2 Roundup

Learn about the latest security content from Splunk.
Security 13 Min Read

Previous Security Content Roundups from the Splunk Threat Research Team (STRT)

Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Security 6 Min Read

AcidPour Wiper Malware: Threat Analysis and Detections

The Splunk Threat Research Team provides an analysis of AcidPour and how to use Splunk’s out-of-the-box security content to help defend against this wiper malware.
Security 4 Min Read

Splunk Security Content for Impact Assessment of CrowdStrike Windows Outage

This blog is intended to help existing Splunk customers who are also customers of CrowdStrike gain visibility into how the CrowdStrike outage may be impacting their organizations.
Security 8 Min Read

Breaking Down Linux.Gomir: Understanding this Backdoor’s TTPs

The Splunk Threat Research Team provides an analysis of Linux.Gomir to help security analysts, blue teamers and Splunk customers defend against this threat.
Security 14 Min Read

Introducing ShellSweepPlus: Open-Source Web Shell Detection

ShellSweepPlus is an open-source tool for detecting potential web shells. Learn how ShellSweepPlus works and how to use it here.
Security 9 Min Read

regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability

CVE-2024-6387, aka "regreSSHion", is a signal-handler race condition in OpenSSH's sshd that exposes glibc-based Linux environments to unauthenticated remote code execution. Learn how to handle this CVE here.
Security 8 Min Read

LNK or Swim: Analysis & Simulation of Recent LNK Phishing

LNK files are a common starting point for many phishing campaigns. Read on to strengthen your defenses against these LNK file phishing attacks.
Security 10 Min Read

Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 2

Leverage the power of Splunk to ingest, visualize, and analyze AppLocker events, enabling you to gain valuable insights and strengthen your organization's security posture.
Security 11 Min Read

Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 1

The Splunk Threat Research Team provides a comprehensive overview of AppLocker and guidance for getting started with AppLocker policies.
Security 6 Min Read

Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP

The Splunk Threat Research Team explores how Splunk can help you identify and investigate CVE-2024-4040 exploitation in your CrushFTP environment.