false

Tag: Security Research

Latest Articles

Security 9 Min Read

AsyncRAT Crusade: Detections and Defense

The Splunk Threat Research Team explores detections and defense against the Microsoft OneNote AsyncRAT malware campaign.
Security 11 Min Read

Breaking the Chain: Defending Against Certificate Services Abuse

Explore the common certificate abuses leveraged by current and relevant adversaries in the wild, the multiple methods they use to obtain certificates, how to gather relevant logs and ways to mitigate adversaries stealing certificates.
Security 8 Min Read

Fantastic IIS Modules and How to Find Them

This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.
Security 13 Min Read

From Registry With Love: Malware Registry Abuses

The Splunk Threat Research Team explores the common Windows Registry abuses leveraged by current and relevant malware families in the wild and how to detect them.
Security 3 Min Read

Staff Picks for Splunk Security Reading December 2022

Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Security 2 Min Read

How Good is ClamAV at Detecting Commodity Malware?

We ran over 400,000 instances of malware to see how good ClamAV really is. Here's the data.
Security 24 Min Read

AppLocker Rules as Defense Evasion: Complete Analysis

The Splunk Threat Research Team analyzes 'Azorult loader' (a payload that imports its own AppLocker rules) to understand the tactics and techniques that may help defend against these types of threats.
Security 2 Min Read

Staff Picks for Splunk Security Reading August 2022

Check out the latest staff picks from our Splunk security experts, featuring a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Security 2 Min Read

Staff Picks for Splunk Security Reading July 2022

Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.