Skip to main content
false
Splunk Threat Research Team

Splunk Threat Research Team

 

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 6 Min Read

Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP

The Splunk Threat Research Team explores how Splunk can help you identify and investigate CVE-2024-4040 exploitation in your CrushFTP environment.
Security 14 Min Read

Splunk Tools & Analytics To Empower Threat Hunters

Calling all threat hunters! This article dives into the many Splunk tools and analytics that can help threat hunters in their day-to-day hunting activities.
Security 17 Min Read

Hunting M365 Invaders: Dissecting Email Collection Techniques

The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
Security 3 Min Read

From Water to Wine: An Analysis of WINELOADER

In this blog post we'll look closely at the WINELOADER backdoor and how Splunk can be used to detect and respond to this threat.
Security 10 Min Read

Under the Hood of SnakeKeylogger: Analyzing its Loader and its Tactics, Techniques, and Procedures

In this blog, the Splunk Threat Research Team provides valuable insights to enable security analysts and blue teamers to defend and be aware of these scam tactics.
Security 9 Min Read

Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199

The Splunk Threat Research Team examines exploit operations, analytics, hunting queries, and tips on capturing TeamCity logs.
Security 11 Min Read

Unveiling Phemedrone Stealer: Threat Analysis and Detections

The Splunk Threat Research Team dissects the Phemedrone Stealer.
Security 11 Min Read

Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard

The Splunk Threat Research Team outlines the attack chain detailed in the Microsoft blog, offering practical detection and hunting tips for cybersecurity defenders.
Security 9 Min Read

Another Year of RATs and Trojan Stealer: Detection Commonalities and Summary

The Splunk Threat Research Team shares analysis, analytic stories and security detections for seven well-known RAT and Trojan Stealer malware families.
Security 5 Min Read

Security Insights: Jenkins CVE-2024-23897 RCE

In response to CVE-2024-23897, the Splunk Threat Research Team has developed new security detections and hunting queries to support defenders.
Security 6 Min Read

Security Insights: Tracking Confluence CVE-2023-22527

In response to CVE-2023-22527, the Splunk Threat Research Team has developed new security detections to support defenders.
Security 6 Min Read

Security Insights: Investigating Ivanti Connect Secure Auth Bypass and RCE

The Splunk Threat Research Team has swiftly developed Splunk analytics and hunting queries, helping defenders quickly adapt and respond to emerging threats CVE-2023-46804 and CVE-2024-21887.
Security 10 Min Read

Enter The Gates: An Analysis of the DarkGate AutoIt Loader

The Splunk Threat Research Team (STRT) provides a deep dive analysis of the DarkGate malware and its use of AutoIt.
Security 7 Min Read

Ghost in the Web Shell: Introducing ShellSweep

Splunk introduces ShellSweep, a suite of utilities designed to detect and combat malicious web shells in servers.
Security 17 Min Read

Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors

Discover insights from the Splunk Threat Research Team on Microsoft 365 threat detection, focusing on data source analysis and effective methods for hunting initial access threats.
Security 17 Min Read

Deploy, Test, Monitor: Mastering Microsoft Defender ASR with Atomic Techniques in Splunk

Explore Microsoft Defender ASR's role in cybersecurity with Splunk and learn deployment, testing, and monitoring strategies for robust defense.
Security 8 Min Read

Unmasking the Enigma: A Historical Dive into the World of PlugX Malware

The Splunk Threat Research Team (STRT) unravels the mystery of a PlugX variant, peeling back the layers of its payload, tactics, and impact on the digital realm.
Security 10 Min Read

Take a SIP: A Refreshing Look at Subject Interface Packages

Splunker Michael Haag dives into Subject Interface Packages (SIPs) and their role in Windows security, exploring how SIPs can be exploited by malicious actors to bypass security measures and sign malicious code.