Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

Windows Service Creation on Remote Endpoint

Create or Modify System Process, Windows Service

Windows Curl Upload to Remote Destination

Ingress Tool Transfer

Windows Service Initiation on Remote Endpoint

Create or Modify System Process, Windows Service

Potential Pass the Token or Hash Observed by an Event Collecting Device

Use Alternate Authentication Material, Pass the Hash

Attacker Tools On Endpoint

Match Legitimate Name or Location, Masquerading, OS Credential Dumping, Active Scanning