Skip to main content
false
Splunk Blogs
Splunk Blogs
Splunk Blogs
Splunk Threat Research Team

Splunk Threat Research Team

 

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 10 Min Read

More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities
The Splunk Threat Research Team (STRT) provides a deep-dive analysis of NjRAT (or Bladabindi), a Remote Access Trojan (RAT) discovered in 2012 that's still active today.
Security 5 Min Read

Detect WS_FTP Server Exploitation with Splunk Attack Range
The Splunk Threat Research Team shares how they used Splunk Attack Range to develop detection content related to CVE-2023-40044.
Security 8 Min Read

Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT
The Splunk Threat Research Team provides a deep-dive analysis of Ave Maria RAT, also known as 'Warzone RAT.'
Security 9 Min Read

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs
Splunk's Threat Research Team delves into the attack's components, usage of tools like Mockbin and headless browsers, and provides guidance on detecting such activities.
Security 9 Min Read

Sharing is Not Caring: Hunting for Network Share Discovery
This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.
Security 8 Min Read

Amadey Threat Analysis and Detections
The Splunk Threat Research Team shares a deep-dive analysis of the Amadey Trojan Stealer, an active and prominent malware that first emerged on the cybersecurity landscape in 2018 and has maintained a persistent botnet infrastructure ever since.
Security 9 Min Read

Don’t Get a PaperCut: Analyzing CVE-2023-27350
The Splunk Threat Research team shares insights on the CVE-2023-27350 vulnerability, proof of concept scripts, setting up Splunk logging, and detecting adversaries for secure printing.
Security 11 Min Read

Do Not Cross The 'RedLine' Stealer: Detections and Analysis
The Splunk Threat Research Team provides a deep dive analysis of the RedLine Stealer threat and shares valuable insights to help enable blue teamers to defend against and detect this malware variant.
Security 5 Min Read

Security Content from the Splunk Threat Research Team
The blog explains how STRT develops Splunk Security Content, aiding detection engineering and threat research teams to efficiently detect and respond to potential threats, using ESCU App amidst growing security incidents and system complexity.
Security 7 Min Read

Threat Update: AwfulShred Script Wiper
The Splunk Threat Research Team shares their findings on the Linux-targeted destructive payload AwfulShred.
Security 15 Min Read

These Are The Drivers You Are Looking For: Detect and Prevent Malicious Drivers
The Splunk Threat Research Team explores how to detect and prevent malicious drivers and discusses Splunk Security Content available to defend against these types of attacks.
Security 9 Min Read

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise
In this Splunk blog post, we aim to equip defenders with the necessary tools and strategies to actively hunt down and counteract this campaign. Additionally, we will offer some resilient analytic ideas that can serve as a foundation for future threat detection and response efforts.
Security 9 Min Read

AsyncRAT Crusade: Detections and Defense
The Splunk Threat Research Team explores detections and defense against the Microsoft OneNote AsyncRAT malware campaign.
Security 11 Min Read

Breaking the Chain: Defending Against Certificate Services Abuse
Explore the common certificate abuses leveraged by current and relevant adversaries in the wild, the multiple methods they use to obtain certificates, how to gather relevant logs and ways to mitigate adversaries stealing certificates.
Security 4 Min Read

Threat Advisory: SwiftSlicer Wiper STRT-TA03
The Splunk Threat Research Team shares a closer look at the SwiftSlicer wiper, a new payload discovered by ESET and found in a recent January 2023 campaign.
Security 8 Min Read

Fantastic IIS Modules and How to Find Them
This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.
Security 7 Min Read

All the Proxy(Not)Shells
The Splunk Threat Research Team walks through exploitation of ProxyShell and ProxyNotShell using MetaSploit, and hunts through data in Splunk to showcase different avenues for defenders to identify malicious activity.
Security 13 Min Read

From Registry With Love: Malware Registry Abuses
The Splunk Threat Research Team explores the common Windows Registry abuses leveraged by current and relevant malware families in the wild and how to detect them.
CONTACT SPLUNK
CONTACT SPLUNK
USER REVIEWS
USER REVIEWS
SPLUNK MOBILE
Download Splunk Mobile on the apple app store
Download Splunk Mobile on the Google Play store
Legal
Patents
Privacy
Sitemap
Website Terms of Use

© 2005 - 2024 Splunk LLC All rights reserved.