Tag: SURGe
Latest Articles
Detecting New Domains in Splunk (Finding New Evil)
Ready to find "new" domains that may be naughty? We'll walk you through how to use Splunk & Splunk Enterprise Security to do that: get the full story here!
Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store
SURGe experiments with a method to find masquerading using M-ATH with Splunk and the DSDL App.
Add to Chrome? - Part 3: Findings and Recommendations
SURGe explores findings and general recommendations on whether or not you should click 'Add to Chrome' the next time you find a fancy new extension.
Add to Chrome? - Part 2: How We Did Our Research
SURGe explores the analysis pipeline in more detail and digs into the two main phases of this research – how the team collected the data and how they analyzed it.
Add to Chrome? - Part 1: An Analysis of Chrome Browser Extension Security
An overview of SURGe research that analyzed the entire corpus of public browser extensions available on the Google Chrome Web Store.
Hypothesis-Driven Cryptominer Hunting with PEAK
A sample hypothesis-driven hunt, using SURGe's PEAK threat hunting framework, looking for unauthorized cryptominers.
Old School vs. New School
The Splunk SURGe team examines the claim that generative AI will empower threat actors to improve the scale and/or efficiency of their spear-phishing campaigns.
SOC Models: In-House, Out-Sourced, or Hybrid SOC?
Splunk's Kirsty Paine shares best practices from a roundtable held at Gartner Security & Risk Management Summit 2023.
Detecting Dubious Domains with Levenshtein, Shannon & URL Toolbox
Got some parsed fields that you're ready to analyze... possibly for threat hunting? We'll use Levenshtein, Shannon & URL Toolbox to show you how!
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
