Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

GetWmiObject User Account with PowerShell

Account Discovery, Local Account

WinEvent Windows Task Scheduler Event Action Started

Scheduled Task

Powershell Fileless Script Contains Base64 Encoded Content

Command and Scripting Interpreter, Obfuscated Files or Information, PowerShell

System User Discovery With Whoami

System Owner/User Discovery

PowerShell Loading DotNET into Memory via Reflection

Command and Scripting Interpreter, PowerShell