Security Insights: Investigating Ivanti Connect Secure Auth Bypass and RCE
The Splunk Threat Research Team has swiftly developed Splunk analytics and hunting queries, helping defenders quickly adapt and respond to emerging threats CVE-2023-46804 and CVE-2024-21887.
Ghost in the Web Shell: Introducing ShellSweep
Splunk introduces ShellSweep, a suite of utilities designed to detect and combat malicious web shells in servers.
Deploy, Test, Monitor: Mastering Microsoft Defender ASR with Atomic Techniques in Splunk
Explore Microsoft Defender ASR's role in cybersecurity with Splunk and learn deployment, testing, and monitoring strategies for robust defense.
Take a SIP: A Refreshing Look at Subject Interface Packages
Splunker Michael Haag dives into Subject Interface Packages (SIPs) and their role in Windows security, exploring how SIPs can be exploited by malicious actors to bypass security measures and sign malicious code.
Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs
Splunk's Threat Research Team delves into the attack's components, usage of tools like Mockbin and headless browsers, and provides guidance on detecting such activities.
Follina for Protocol Handlers
The Splunk Threat Research Team shares how to identify protocol handlers on an endpoint, different ways to simulate adversary tradecraft that utilizes a protocol handler, and a piece of inspiring hunting content to help defenders identify protocol handlers being used in their environment.
