If you think leaving vendor default configuration settings in place is secure… Think again.
Splunk is a popular log aggregation and correlation engine. 85 of the Fortune 100 are users of this powerful software. It’s designed to quickly identify and precisely pinpoint issues within your network environment.
If Splunk is not properly hardened against attack or intrusion, it can act as a welcome mat for unauthorized intruders who aim to:
- spy on your organization
- hold you for ransom
- steal your data
- target your customers
- infect your systems
- expose your system vulnerabilities
Weaponizing Splunk: Attack Surfaces Investigated
Using our Penetration Testing and Splunk expertise, we’ve created videos with step-by-step attack simulations on a default installation of Splunk. The aim? Encourage administrators to review and harden their Splunk security settings.
Note: None of these attack simulations utilize zero-day exploits or Splunk vulnerabilities. All of these attacks make use of existing Splunk features.
Three Attack Vectors
Meet our Splunk Penetration Tester
TBG Security’s Director of Security Engineering Ryan is an expert at penetrating systems by bypassing defenses and uncovering unknown weaknesses in complex networks.
Ryan has worked in IT security for 15 years, with 6 years working on the offensive side of the house. Much to Ryan’s frustration, he regularly encounters insecure Splunk configurations on live networks.
Ryan’s created the Weaponized Splunk education series to demonstrate how the attack works and share expert mitigation advice.