Weaponizing Splunk: Attacking The Server
Attacking a default installation of Splunk allows an attacker to gather intelligence about the system, as well as the victim environment. The attacker’s aim is to gain a foothold without setting off any alarms.
Attack Demonstration Lab Setup
Victim Server Configuration
Splunk Server 6.5.3
Penetration Testing System Configuration
Kali Linux Rolling
Attack Missions on Splunk Server (Videos)
Cyberattack Video: Reviewing The Logs
Accessing the logs can provide an attacker with valuable intelligence about the victim environment. This information could allow an unauthorized person to build a very detailed attack profile.
Cyberattack Video: Get Local File Access
Accessing the operating system files can provide an attacker with credentials, confidential information, password hashes, or other very private information. This information could allow an unauthorized person to gain privileged access into the victim environment.
Cyberattack Video: Malicious Applications
Running malicious or unauthorized Splunk “add-ons” allows an attacker to execute code on a Splunk server. This can allow them to fully compromise the server and gain that initial foothold into the victim environment.
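From the defender's side, one way to find unauthorized add-ons is to inventory every installed app that declares a way to run code and compare it against an approved list. The sketch below is an added example, not code from the original page or from Splunk; it checks only two documented mechanisms (scripted inputs in inputs.conf and custom search commands in commands.conf), so it is not exhaustive. The function names, the allowlist and the sample app tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

def code_hooks(conf_name, text):
    """Return the stanzas in one conf file that cause a script to run."""
    hooks, stanza = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            # inputs.conf: a [script://...] stanza is a scripted input
            if conf_name == "inputs.conf" and stanza.startswith("script://"):
                hooks.append(stanza)
        elif conf_name == "commands.conf" and stanza and "=" in line:
            # commands.conf: "filename = x.py" binds a search command to a script
            if line.split("=", 1)[0].strip() == "filename" and stanza not in hooks:
                hooks.append(stanza)
    return hooks

def audit_apps(apps_dir, authorized):
    """Map each app NOT in `authorized` to the code hooks it declares."""
    findings = {}
    for app in sorted(p.name for p in Path(apps_dir).iterdir() if p.is_dir()):
        if app in authorized:
            continue
        for layer in ("default", "local"):
            for conf in ("inputs.conf", "commands.conf"):
                path = Path(apps_dir, app, layer, conf)
                if path.is_file():
                    text = path.read_text(encoding="utf-8", errors="replace")
                    for hook in code_hooks(conf, text):
                        findings.setdefault(app, []).append(f"{conf}:{hook}")
    return findings

def build_sample(root):  # constructed tree standing in for $SPLUNK_HOME/etc/apps
    files = {
        "search/default/commands.conf": "[known]\nfilename = known.py\n",
        "TA-unknown/default/inputs.conf": "[script://./bin/run.sh]\ninterval = 60\n",
        "viz-only/default/app.conf": "[ui]\nis_visible = 1\n",
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_apps(tmp, authorized={"search"}))
```

Any app in the result is both outside the approved list and able to execute a script, which makes it the first thing to review on a server like the one in this lab.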
Cyberattack Video: Extract Data
Splunk stores credentials and other vital confidential information within its configuration files. This information is stored securely in an encrypted format, but by using Splunk and its API, an attacker can extract the data in plaintext.