Tag: Security Research

The Splunk Threat Research Team shares a closer look at a new malicious payload named DoubleZero Destructor (CERT-UA #4243).

Splunk SURGe Report reveals the need for ransomware prevention over response and mitigation.

In this January 2022 release, The Splunk Threat Research (STRT) team focused on the recently released Sysmon for Linux technology addition to Splunk.

Deep dive with the Splunk Threat Research Team on Linux Privilege Escalation and Linux Persistence Techniques.

Start detection against behaviors and TTPs from a Remcos loader that utilizes DynamicWrapperX (dynwrapx.dll) to execute shellcode and inject Remcos RAT into the target process.

Automate and simplify finding detections against ATT&CK techniques used by adversaries with Splunk SURGe's open-sourced project, ATT&CK Detections Collector (ADA).

Splunk Threat Research Team simulated the Log4j vulnerabilities in the Splunk Attack Range. Using the data collected, we developed 13 new detections and 9 playbooks to help Splunk SOAR customers investigate and respond to this threat.

Good news, you can use Splunk to proactively hunt using Network Traffic and DNS query logs data sources to detect potential Log4Shell exploit. From Splunk SURGe, learn even more detections against CVE-2021-44228.

A serious remote code execution (RCE) vulnerability (CVE-2021-44228) in the popular open source Apache Log4j logging library poses a threat to thousands of applications and third-party services that leverage this library. From Splunk SURGe, learn how you can detect Log4j 2 RCE using Splunk.