The following is a walkthrough of Remcos executed via Attack Range Local. We will go over some of the multiple and intrusive operations this remote access tool can execute at compromised hosts.
Software supply chain attacks are not going away. As our network defenses improve, adversaries must move up the chain to stay a step ahead of our defenses.
Splunk has a new security research team focused on in-depth analysis of the latest cybersecurity news to help the public navigate security incidents with confidence using Splunk.
The autoregression command, which is a centralized streaming command, is used to calculate a moving average. Learn how to use this command to gather information, just in time for Boss of the SOC v6!
In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.
Adversaries are using PowerShell attacks, but luckily the Splunk Threat Research Team (STRT) has developed PowerShell analytics for Splunk by using the Splunk Attack Range to collect the generated logs, and hunt for suspicious PowerShell.