The Attack Range solves two main challenges in development of detections: - quickly build a small pre configured lab infrastructure as close as possible to your production environment - perform attack simulation using Atomic Red Team https://t.co/i8cpGJZNRz

🚨 SAP NetWeaver Webshells Spotted: CVE-2025-31324 in the Wild 🚨 Multiple reports confirmed active exploitation of SAP NetWeaver Visual Composer vulnerabilities (CVE-2025-31324). Attackers are dropping lightweight JSP webshells like the ones shared by Onapsis, captured by

Looking to secure your homelab #Kubernetes? This guide covers: • Container security: Static code analysis, scanning, minimal base images • Kubernetes hardening: RBAC, API security, etcd protection • Testing tools: kube-bench, checkov, red-kube https://t.co/wJtgVYcMZ7

SQL Server can be exploited for system access, persistence, and code execution. Our STRT team's blog shows how attackers abuse stored procedures, CLR assemblies, and registry modifications—while providing detection rules to catch them in action.

Latin American banking trojan Grandoreiro expands globally, targeting 1,500+ banks with: • Sophisticated string encryption • Domain generation algorithm for C2 comms • Anti-sandbox techniques • Registry persistence • Outlook mail harvesting https://t.co/gPnSE1cPHy

Critical RCE vulnerabilities in Ingress-Nginx Controller (CVE-2025-1974, CVSS 9.8) affect versions ≤1.12.0 and ≤1.11.4. The webhook service (port 8443) is exploitable. Check your cluster with: kubectl get ValidatingWebhookConfiguration -A https://t.co/teELh8kJFx

Excited to share this blog about our improved https://t.co/qe3SmYkcuh! 📓 https://t.co/FfbE0ITY0c Already seeing 20K+ active users in just 30 days since soft launch! Huge shoutout to @TyneDarke and the marketing team for this amazing piece, and to Lou Stella,

New Splunk Attack Range got me like : lol https://t.co/6mxOvokO5Y

🚨 Big News for Splunk Attack Range Users! 🚨 We’ve just dropped a major update— @Snort 3 is now integrated into the Splunk Attack Range! 🎉🐍 Amazing work by @bareiss_patrick ! If you haven’t tried out Attack Range yet, it’s a breeze to get started! 🍃 Clone the repo:

🚨LOLRMM Update 🚂 You thought we were done? Nope. 🔥 Deduplication efforts are in the works 🔥 Experts (@_josehelps) are reviewing the site code to ensure we deliver the most epic LOLRMM experience. 🔥 More and more RMMs are being completed (@Kostastsale @nas_bench ) 🔥 Who

Will be showing open source "Splunk Attack Range" at Black Hat Arsenal 2024 in Las Vegas with my colleague Patrick Bareiß @bareiss_patrick #strt #splunkattackrange #splunk #splunkthreatresearchteam #blackhatusa #blackhatarsenal #blackhat

happy to share our latest #STRT Blog on #SnakeKeylogger! This includes the intriguing loader variant, Malware Analysis, TTPs we've extracted and a comprehensive list of our developed detections! 😊 #splunk #RE #int3 #blueteam #detectionengineering https://t.co/DIsrhOGA84

🚨 #Splunk Threat Research Team Release 4.18.0!🚨 ✨ Key Updates: 🛡️ Kubernetes Security: Advanced detections for containerized environment threats, including unusual access and abuse scenarios. 🔒 Enhanced MFA Security in PingID: 4 new detections by Steven D., addressing

Excited to share the #STRT blog for #plugx malware. This blog includes deep dive analysis of this plugx variant, splunk detections and a python tool to extract the config and the headless payload. I hope it helps 😊 #malware #splunk #RE #blueteam int3 https://t.co/gW9PrCg4kY

Learn how the Splunk Threat Research Team is revolutionizing detection engineering efficiency. Get a sneak peek into Security Content v4.0's features. Essential reading for detection engineers, security analysts, and team leaders. https://t.co/P78XWvfpGE

happy to share the #STRT blog for detections and analysis of #asyncrat campaign. We also include some tips how you can extract the actual payload in its .bat script loader. 🙂 #asyncrat #malware #int3 #SplunkBlogs #splunk #RE https://t.co/k56iRgOOm0

I didn't want to mention it, but after my last SANS preso on hunting drivers, I've decided to build a site similar to LOLBAS project presenting all known vulnerable Windows drivers. More to come. Until then, give it a follow. https://t.co/IfUnrKsmxm

Splunk STRT researchers describe the different tactics, techniques and procedures mapped to the ATT&CK framework leveraged by Agent Tesla remote access trojan. https://t.co/GTiRELnejS

Excited to share that the #STRT just published a breakdown and @splunk 🛡️detections for #AgentTesla. This #RAT has been at the top for sandboxes like @abuse_ch and @anyrun_app for years. Hope this helps analysts better understand and defend against it! https://t.co/qUTltHjYXT

Come to Miami in May for @hackmiami Check out the courses and trainers coming into town! @rodsoto @christruncer @Gr1mmie @jayeshsch @bareiss_patrick @ProfKilroy and the @BCSecurity1 crew @Cx01N_ @_Hubbl3 https://t.co/igLLfU7nVF