Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

GPUpdate with no Command Line Arguments with Network

Process Injection

Kerberos User Enumeration

Gather Victim Identity Information, Email Addresses

Unknown Process Using The Kerberos Protocol

Use Alternate Authentication Material

Suspicious msbuild path

Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild

MacOS LOLbin

Unix Shell, Command and Scripting Interpreter