Patrick Bareiß (@bareiss_patrick) 's Twitter Profile
Patrick Bareiß

@bareiss_patrick

Principal Security Research Engineer @Splunk Speaker: DeepSec Vienna, BlackHat Europe Arsenal

ID: 3989403815

Link: http://www.patrick-bareiss.com
Joined: 18-10-2015 20:14:02

347 Tweets

1.1K Followers

1.1K Following

Jose Enrique Hernandez (@_josehelps) 's Twitter Profile Photo

Excited to share that the #STRT just published a breakdown and Splunk 🛡️detections for #AgentTesla. This #RAT has been at the top for sandboxes like abuse.ch and ANY.RUN for years. Hope this helps analysts better understand and defend against it! splunk.com/en_us/blog/sec…
Virus Bulletin (@virusbtn) 's Twitter Profile Photo

Splunk STRT researchers describe the different tactics, techniques and procedures mapped to the ATT&CK framework leveraged by Agent Tesla remote access trojan. splunk.com/en_us/blog/sec…
The Haag™ (@m_haggis) 's Twitter Profile Photo

I didn't want to mention it, but after my last SANS preso on hunting drivers, I've decided to build a site similar to LOLBAS project presenting all known vulnerable Windows drivers. More to come. Until then, give it a follow. github.com/LOLDrivers-Pro…

Br3akp0int (@tccontre18) 's Twitter Profile Photo

Happy to share the #STRT blog for detections and analysis of the #asyncrat campaign. We also include some tips on how you can extract the actual payload from its .bat script loader. 🙂 #asyncrat #malware #int3 #SplunkBlogs #splunk #RE splunk.com/en_us/blog/sec…
Patrick Bareiß (@bareiss_patrick) 's Twitter Profile Photo

Learn how the Splunk Threat Research Team is revolutionizing detection engineering efficiency. Get a sneak peek into Security Content v4.0's features. Essential reading for detection engineers, security analysts, and team leaders. splunk.com/en_us/blog/sec…

David French (@threatpunter) 's Twitter Profile Photo

I'm excited to share a new blog series today. From soup to nuts: Building a Detection-as-Code pipeline. Part 1: medium.com/threatpunter/f… Part 2: medium.com/threatpunter/f…

Br3akp0int (@tccontre18) 's Twitter Profile Photo

Excited to share the #STRT blog for #plugx malware. This blog includes a deep-dive analysis of this PlugX variant, Splunk detections and a Python tool to extract the config and the headless payload. I hope it helps 😊 #malware #splunk #RE #blueteam int3 splunk.com/en_us/blog/sec…

The Haag™ (@m_haggis) 's Twitter Profile Photo

🚨 #Splunk Threat Research Team Release 4.18.0!🚨

✨ Key Updates:

🛡️ Kubernetes Security: Advanced detections for containerized environment threats, including unusual access and abuse scenarios.

🔒 Enhanced MFA Security in PingID: 4 new detections by Steven D., addressing
Br3akp0int (@tccontre18) 's Twitter Profile Photo

Happy to share our latest #STRT blog on #SnakeKeylogger! This includes the intriguing loader variant, malware analysis, TTPs we've extracted and a comprehensive list of our developed detections! 😊 #splunk #RE #int3 #blueteam #detectionengineering splunk.com/en_us/blog/sec…
Rod Soto 🇺🇸 (@rodsoto) 's Twitter Profile Photo

Will be showing the open source "Splunk Attack Range" at Black Hat Arsenal 2024 in Las Vegas with my colleague Patrick Bareiß #strt #splunkattackrange #splunk #splunkthreatresearchteam #blackhatusa #blackhatarsenal #blackhat blackhat.com/us-24/arsenal/…

The Haag™ (@m_haggis) 's Twitter Profile Photo

🚨LOLRMM Update 🚂
You thought we were done? Nope.

🔥 Deduplication efforts are in the works
🔥 Experts (Jose Enrique Hernandez) are reviewing the site code to ensure we deliver the most epic LOLRMM experience.
🔥 More and more RMMs are being completed (Kostas, Nasreddine Bencherchali)
🔥 Who
The Haag™ (@m_haggis) 's Twitter Profile Photo

🚨 Big News for Splunk Attack Range Users! 🚨

We’ve just dropped a major update — @Snort 3 is now integrated into the Splunk Attack Range! 🎉🐍 Amazing work by Patrick Bareiß!

If you haven’t tried out Attack Range yet, it’s a breeze to get started! 🍃

Clone the repo:
Jose Enrique Hernandez (@_josehelps) 's Twitter Profile Photo

Excited to share this blog about our improved research.splunk.com!

📓splunk.com/en_us/blog/sec…

Already seeing 20K+ active users in just 30 days since soft launch!

Huge shoutout to Tyne Darke and the marketing team for this amazing piece, and to Lou Stella,
Patrick Bareiß (@bareiss_patrick) 's Twitter Profile Photo

Critical RCE vulnerabilities in Ingress-Nginx Controller (CVE-2025-1974, CVSS 9.8) affect versions ≤1.12.0 and ≤1.11.4. The webhook service (port 8443) is exploitable. Check your cluster with: kubectl get ValidatingWebhookConfiguration -A buff.ly/DTKxvSK

Patrick Bareiß (@bareiss_patrick) 's Twitter Profile Photo

Latin American banking trojan Grandoreiro expands globally, targeting 1,500+ banks with:
• Sophisticated string encryption
• Domain generation algorithm for C2 comms
• Anti-sandbox techniques
• Registry persistence
• Outlook mail harvesting
buff.ly/EimaGMN

Patrick Bareiß (@bareiss_patrick) 's Twitter Profile Photo

SQL Server can be exploited for system access, persistence, and code execution. Our STRT team's blog shows how attackers abuse stored procedures, CLR assemblies, and registry modifications—while providing detection rules to catch them in action. buff.ly/3TSJh6Q

Patrick Bareiß (@bareiss_patrick) 's Twitter Profile Photo

Looking to secure your homelab #Kubernetes? This guide covers:
• Container security: Static code analysis, scanning, minimal base images
• Kubernetes hardening: RBAC, API security, etcd protection
• Testing tools: kube-bench, checkov, red-kube
buff.ly/9iaxULG

The Haag™ (@m_haggis) 's Twitter Profile Photo

🚨 SAP NetWeaver Webshells Spotted: CVE-2025-31324 in the Wild 🚨

Multiple reports confirmed active exploitation of SAP NetWeaver Visual Composer vulnerabilities (CVE-2025-31324). Attackers are dropping lightweight JSP webshells like the ones shared by Onapsis, captured by