Splunk is proud to be a sponsor of Black Hat 2021 Virtual Experience!
Attend our speaking sessions, explore our sponsor page, and enter our giveaway at the bottom of this page for a chance to win!

Security modernization starts with data.


Find out why security leaders from Zoom, Nasdaq, University of Arizona, and Slack trust Splunk to keep people and property safe, enable transformation, invest in the future, and reduce risk and costs.



"My, don't you look ransom today?" - modern detection strategies for the cyber-plague of our times

Wednesday, August 4 | 4:10pm - 5:00pm PT | Business Hall Theater C

Every week it seems like there's a new ransomware headline targeting new victims and industries, exposing businesses to a whole new set of threats and adversaries to manage. What can you do to ensure that you aren't the next victim? The best response for ransomware is prevention, but that's easier said than done. Join the Splunk Threat Research Team as they outline detection opportunities across the ransomware lifecycle, from discovery and lateral movement to execution, and demonstrate using free and open-source tools to mitigate ransomware attacks, as well as advanced techniques for attack simulation, replication, detection, and defense.

Jose Hernandez
Sr Manager Threat Researcher at Splunk

Rod Soto
Principal Security Research Engineer



An IOC’s Way Home: Navigating Threat Intelligence with TruSTAR and Splunk

Wednesday, August 4 | 8:00am - 8:15am PT | Virtual On-Demand Zone

Another day, another never-ending stream of threat intelligence sources to parse through. While you and your security operations team aren’t alone in this struggle, there’s a better way to navigate and understand the Indicator of Compromise (IOC) landscape. Effective security teams take a data-centric approach to transform intelligence from third-party providers and historical events through integration and automation, gaining more insight about threats and threat actors while mitigating risks. Join this session to explore high-level use cases so you can start operationalizing threat intelligence, and to get actionable ways to better protect your business’s most valuable asset – its data.

Steven Chamales
Product Manager and former TruSTAR alum, Splunk

Marcus LaFerrera
Security Strategist, Splunk



Git Wild Hunt: A Tool for Hunting Leaked Credentials

Wednesday, August 4 | 2:00pm-3:10pm PT | Business Hall, Arsenal Station 1
Thursday, August 5 | 10:00am-11:00am PT | Virtual
Thursday, August 5 | 12:00pm-12:50pm PT | Business Hall, Arsenal Station 4

Git Wild Hunt is a tool designed to search for and identify leaked credentials in public repositories such as GitHub. Git Wild Hunt searches for footprints and patterns of over 30 of the most used secrets/credentials on the internet, especially those used in DevOps and IT Operations. This tool helps developers and security operations departments discover leaked credentials in public repositories. This tool is also a recon tool for red teamers and pentesters, as it also provides metadata from leaks such as usernames, company names, secret types, and dates.

Jose Hernandez
Sr Manager Threat Researcher at Splunk

Rod Soto
Principal Security Research Engineer



PurpleSharp 2.0: Active Directory Attack Simulations

Wednesday, August 4 | 3:20pm-4:30pm PT | Business Hall, Arsenal Station 1
Wednesday, August 4 | 12:00pm-1:00pm PT | Virtual
Thursday, August 5 | 11:00am-11:50am PT | Business Hall, Arsenal Station 4

After obtaining an initial foothold in a corporate environment, adversaries will most likely have to interact with Active Directory across the attack lifecycle before achieving operational success. Prevention has fallen short, and defenders' best shot at uncovering threats in their environments is to design and deploy effective monitoring/detection strategies for AD-based attacks. PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques against Windows environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection program. PurpleSharp executes different behavior across the attack lifecycle following the MITRE ATT&CK Framework's tactics: execution, persistence, privilege escalation, credential access, lateral movement, etc. PurpleSharp 2.0 introduces the ability to execute automated adversary simulation playbooks that are flexible and customizable against Active Directory environments. This allows defenders to measure detection coverage across various scenarios and variations of the same techniques.

Mauricio Velazco
Principal Engineer Threat Research, Splunk




Learn about Splunk for Security

Joint Partner Assets

AWS and Splunk for Security

Google and Splunk for Security

Recorded Future and Splunk for Security

RiskIQ and Splunk for Security

Safebreach and Splunk for Security

Tenable and Splunk for Security

Zscaler and Splunk for Security



Upcoming Events

August 18

Automation for the Modern SOC - hosted by Splunk

August 24-25

Sponsoring - AWS re:inforce

September 20-22

October 18-21

.conf21 - hosted by Splunk