Splunk Threat Research: Cloud Federated Credential Abuse & Cobalt Strike

Presented by

Kelly Huang, Security Product Marketing; Rod Soto, Principal Security Research Engineer; Michael Haag, Snr Threat Researcher

About this talk

The Splunk Threat Research team is dedicated to understanding malicious actor behaviour and researching known threats to build detections and analytics that the entire Splunk community can benefit from. The latest analytics from the team cover Cloud Federated Credential Abuse, both of Active Directory Federation Services and between cloud providers. The team also published an Analytics Story to enable detection of Malleable C2 profiles deployed via Cobalt Strike, emulation software used by red teams and pen testers that recently got into the hands of adversaries.

Join this webinar to learn:

- Why Cloud Federated Credential Abuse has to be top of mind for every security team
- What Cobalt Strike is and what it takes to detect injected shellcode with Splunk
- How the Splunk Threat Research team works and how you can benefit from what they do
