Splunk Server Attack: Get Local File Access

“Local File Access takes advantage of a common Splunk misconfiguration, where the Splunk server runs as a privileged user account, or root/SYSTEM. By accessing Splunk as a root user, I hope to be able to read all the files stored on the local file system.”
-Ryan, TBG Security‘s Director of Security Engineering

[videoframes src=”https://youtu.be/s8FLzMHFygg” skin=”17″ controls=”1″ headline_color=”#000000″ headline_size=”22″]

Get In Touch

Have a question? We’re here to help.

Contact Us