If you think leaving vendor default configuration settings in place is secure…… Think again.

Splunk is a popular log aggregation and correlation engine. 85 of the Fortune 100 are users of this powerful software. It’s designed to quickly identify and precisely pinpoint issues within your network environment.

If Splunk is not properly hardened against attack or intrusion, it can act as a welcome mat for an unauthorized hacking event, with the aim to:

  • spy on your organization
  • hold you for ransom
  • steal your data
  • target your customers
  • infect your systems
  • expose your system vulnerabilities

“Turns out many IT administrators rely on Splunk’s default security configurations, assuming the default settings are strong enough to thwart cyber attacks.They’re not.”


Weaponizing Splunk: Attack Surfaces Investigated

Using our Penetration Testing and Splunk expertise, we’ve created videos with step-by-step attack simulations on a default installation of Splunk. The aim? Encourage administrators to review and harden their Splunk security settings.
Note: None these attack simulations utilize zero-day exploits or Splunk vulnerabilities. All of these attacks make use of existing Splunk features.


Three Attack Vectors


Meet our Splunk Penetration Tester

TBG Security’s Director of Security Engineering Ryan is an expert at penetrating systems by bypassing defenses and uncovering unknown weaknesses in complex networks.

Ryan has worked in IT security for 15 years, with 6 years working on the offensive side of the house. Much to Ryan’s frustration, he regularly encounters insecure Splunk configurations on live networks.

Ryan’s created the Weaponized Splunk education series to demonstrating how the attack works and share expert mitigation advice.

“Administrators need to see how easy it is to bypass default Splunk security settings. When I present this information at conferences or client meetings, they are blown away.”
-Ryan, TBG Security‘s Director of Security Engineering


Get In Touch

Have a question? We’re here to help.

Contact Us