Cisco Live San Diego Case Study: Malware Upatre! (Encrypted Visibility Engine Event)
Cisco Security and Splunk protected Cisco Live San Diego 2025 in the Security Operations Center. Learn about the latest innovations for the SOC of the Future.
Cisco XDR is an infinitely extensible platform for security integrations. Like the maturing SOCs of our customers, the event SOC team at Cisco Live San Diego 2025 built custom integrations to meet our needs. You can build your own integrations using th…
New Write-Up Published: Haze [Medium | Windows | Active Directory] – Hack The Box
Just released a walkthrough for Haze, a medium-difficulty Windows machine on Hack The Box. Initial access was obtained by exploiting CVE-2024-36991, a local file inclusion vulnerability in Splunk, to extract LDAP credentials. This enabled a Shadow Credentials attack using PyWhisker and Certipy, allowing lateral movement to a high-privileged domain user. For privilege escalation, I utilized Splunk admin access to deploy a reverse shell via a crafted app package. Upon gaining shell access, I escalated privileges to NT SYSTEM by abusing SeImpersonatePrivilege with SweetPotato. This box offers great insight into chained Active Directory abuse and Splunk misconfigurations.
#HackTheBox #RedTeam #ActiveDirectory #Splunk #CVE202436991 #ShadowCredentials #PrivilegeEscalation #SweetPotato #CTF #InfoSec #WriteUp #CyberSecurity
The post Hack The Box: Haze Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.
AI is changing that fast and the opportunity is bigger than anything I have ever seen in my lifetime. We need to reevaluate many of the architectural assumptions we made in previous eras of computing, networking, and security. That’s why we’ve brought…
We’re bringing Splunk Observability and Cisco ThousandEyes Assurance closer together with new bi-directional integrations that connect the dots across your digital stack – from application to infrastructure to network.
CISOs know cyber risk is business risk. Boards don’t always see it that way. For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing…
Cisco needed to scale its virtual support engineer that assists its technical support teams around the world. By leveraging its own Splunk technology, Cisco was able to scale the AI assistant to support more than 1M cases and free up engineers to conce…
Discover how Cisco XDR’s Instant Attack Verification brings real-time threat validation for faster, smarter SOC response.