Detecting Active Directory Kerberos Attacks: Threat Research Release, March 2022
Learn more about the Splunk Threat Research Team's new analytic story to help SOC analysts detect adversaries abusing the Kerberos protocol to attack Windows Active Directory environments
Active Directory Lateral Movement Detection: Threat Research Release, November 2021
The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments.
Active Directory Discovery Detection: Threat Research Release, September 2021
In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.
Detecting SeriousSAM CVE-2021-36934 With Splunk
SeriousSAM or CVE-2021-36934 is a Privilege Escalation Vulnerability. The Splunk Threat Research team recommends performing an assessment to better understand the impact of this vulnerability in corporate environments.
Detecting Password Spraying Attacks: Threat Research Release May 2021
The Splunk Threat Research team walks you through a new analytic story to help SOC analysts detect adversaries executing password spraying attacks, and highlights a few detections from the May 2021 releases.
