Weaponizing Splunk: Using Blue Team Tools for Evil

This is a collection of the developed apps and the presentation slides.

Splunk is a log aggregation and correlation tool that is normally used for defensive analysis and infrastructure management. What if Attackers could use this same tool against the blue team? Companies deploy security products with no real purpose other than checking a box. While these tools can be used for good they can also turn against the organization and become their worst nightmare. During this presentation, I will discuss creative uses of Splunk that penetration testers and red teamers can use to gain more access and move laterally within an organization.

Biography

Ryan Hays
hays.ryan@gmail.com
Twitter: @_ryanhays
Github: https://github.com/MrJester

Presented At:

BSides San Diego January 13-14 2017 (http://bsidessd.org/)
BSides Boston April 14-15 2017 (http://www.bsidesboston.org/)
BSides Nashville April 22 2017 (https://bsidesnash.org/)
BSides Baltimore April 29-30 2017 (http://www.bsidescharm.com/)

About

Weaponizing Splunk Presentation including Splunk Apps for penetration testing.

BSD 3-Clause "New" or "Revised" License