false
Splunk Threat Research Team

Splunk Threat Research Team

 

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 16 Min Read

Sinister SQL Queries and How to Catch Them

Discover comprehensive strategies for detecting and mitigating SQL Server attacks.
Security 20 Min Read

Infostealer Campaign against ISPs

The Splunk Threat Research Team observed actors performing minimal intrusive operations to avoid detection, with the exception of artifacts created by accounts already compromised.
Security 3 Min Read

Splunk Security Content for Threat Detection & Response: February 2025 Update

Learn about the latest security content from Splunk.
Security 4 Min Read

Now Available: Splunk Enterprise Security Content Update App 5.0

The Splunk Threat Research Team announces the release of the Enterprise Security Content Update (ESCU) app 5.0.
Security 18 Min Read

Meduza Stealer Analysis: A Closer Look at its Techniques and Attack Vector

Uncover Meduza Stealer, a 2023 malware targeting credentials and crypto wallets. Explore its evasion tactics, attack methods, and Splunk’s expert insights for enhanced security.
Security 11 Min Read

Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion

The Splunk Threat Research Team dives into the Okta policy bypass vulnerability, offering detection insights and effective hunting strategies for security teams.
Security 10 Min Read

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

The Splunk Research Team dissects the technical intricacies of the CosmicSting vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Security 10 Min Read

Cracking Braodo Stealer: Analyzing Python Malware and Its Obfuscated Loader

The Splunk Threat Research Team break down Braodo Stealer's loader mechanisms, obfuscation strategies, and payload behavior.
Security 12 Min Read

ValleyRAT Insights: Tactics, Techniques, and Detection Methods

The Splunk Threat Research Team conducts an analysis for several variants of ValleyRAT’s malware samples to extract its MITRE ATT&CK tactics, techniques, and procedures (TTPs).
Security 3 Min Read

Introducing Splunk Attack Range v3.1

The Splunk Threat Research Team is happy to release v3.1 of Splunk Attack Range.
Security 14 Min Read

PowerShell Web Access: Your Network's Backdoor in Plain Sight

The Splunk Threat Research Teams dives deep into PowerShell Web Access (PSWA) exploring its functionality within the context of cyber threats.
Security 11 Min Read

My CUPS Runneth Over (with CVEs)

This blog dissects the technical intricacies of the CUPS vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Security 17 Min Read

Handala’s Wiper: Threat Analysis and Detections

Cisco Talos and the Splunk Threat Research Team provide a comprehensive analysis that expands on existing coverage of Handala's Wiper and offers unique insights.
Security 13 Min Read

ShrinkLocker Malware: Abusing BitLocker to Lock Your Data

The Splunk Threat Research Team shares their findings and methodologies to aid the cybersecurity community in combating ShrinkLocker effectively.
Security 8 Min Read

The Final Shell: Introducing ShellSweepX

The Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.
Security 12 Min Read

Previous Security Content Roundups from the Splunk Threat Research Team (STRT)

Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Security 6 Min Read

AcidPour Wiper Malware: Threat Analysis and Detections

The Splunk Threat Research Team provides an analysis of AcidPour and how to use Splunk’s out-of-the-box security content to help defend against this wiper malware.
Security 4 Min Read

Splunk Security Content for Impact Assessment of CrowdStrike Windows Outage

This blog is intended to help existing Splunk customers who are also customers of CrowdStrike gain visibility into how the CrowdStrike outage may be impacting their organizations.