Sinister SQL Queries and How to Catch Them
Discover comprehensive strategies for detecting and mitigating SQL Server attacks.
Infostealer Campaign against ISPs
The Splunk Threat Research Team observed actors performing minimal intrusive operations to avoid detection, with the exception of artifacts created by accounts already compromised.
Splunk Security Content for Threat Detection & Response: February 2025 Update
Learn about the latest security content from Splunk.
Now Available: Splunk Enterprise Security Content Update App 5.0
The Splunk Threat Research Team announces the release of the Enterprise Security Content Update (ESCU) app 5.0.
Meduza Stealer Analysis: A Closer Look at its Techniques and Attack Vector
Uncover Meduza Stealer, a 2023 malware targeting credentials and crypto wallets. Explore its evasion tactics, attack methods, and Splunk’s expert insights for enhanced security.
Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion
The Splunk Threat Research Team dives into the Okta policy bypass vulnerability, offering detection insights and effective hunting strategies for security teams.
CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)
The Splunk Research Team dissects the technical intricacies of the CosmicSting vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Cracking Braodo Stealer: Analyzing Python Malware and Its Obfuscated Loader
The Splunk Threat Research Team breaks down Braodo Stealer's loader mechanisms, obfuscation strategies, and payload behavior.
ValleyRAT Insights: Tactics, Techniques, and Detection Methods
The Splunk Threat Research Team analyzes several variants of ValleyRAT malware samples to extract their MITRE ATT&CK tactics, techniques, and procedures (TTPs).
Introducing Splunk Attack Range v3.1
The Splunk Threat Research Team is happy to release v3.1 of Splunk Attack Range.
PowerShell Web Access: Your Network's Backdoor in Plain Sight
The Splunk Threat Research Team dives deep into PowerShell Web Access (PSWA), exploring its functionality within the context of cyber threats.
My CUPS Runneth Over (with CVEs)
This blog dissects the technical intricacies of the CUPS vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Handala’s Wiper: Threat Analysis and Detections
Cisco Talos and the Splunk Threat Research Team provide a comprehensive analysis that expands on existing coverage of Handala's Wiper and offers unique insights.
ShrinkLocker Malware: Abusing BitLocker to Lock Your Data
The Splunk Threat Research Team shares their findings and methodologies to aid the cybersecurity community in combating ShrinkLocker effectively.
The Final Shell: Introducing ShellSweepX
The Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.
Previous Security Content Roundups from the Splunk Threat Research Team (STRT)
Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
AcidPour Wiper Malware: Threat Analysis and Detections
The Splunk Threat Research Team provides an analysis of AcidPour and how to use Splunk’s out-of-the-box security content to help defend against this wiper malware.
Splunk Security Content for Impact Assessment of CrowdStrike Windows Outage
This blog is intended to help existing Splunk customers who are also customers of CrowdStrike gain visibility into how the CrowdStrike outage may be impacting their organizations.