Lessons Learned: Integrating AWS MAC Instance in the Splunk Attack Range
Note: this blog was written by Teoderick and myself 🥷🕵️‍♂️
In November 2020, when AWS announced the general availability of macOS instances in AWS EC2 Cloud, the Splunk Threat Research Team took this opportunity to test and implement the instance as an additional endpoint in the Splunk Attack Range.
Collecting GitHub Traffic Stats into Splunk
It’s been a bit since I blogged anything and I have been itching to dust 🧹 off my blog and start writing more tactical things I have been thinking about or playing with.
Building a Windows Domain Controller with Terraform and Ansible
Recently, I blogged about building a Windows domain controller (DC) using Ansible and Vagrant, which is a great and easy way to bring up a replicable environment to launch attacks against.
TLDR; (“The Haiku Version”)
- git clone https://github.com/splunk/building_a_windows_dc
- edit ansible/var/vars.yml
- cd splunk-server
- vagrant up
- cd ../windows_dc_2016
- vagrant up
- navigate to http://localhost:8000
Builds a Windows 2016 domain controller with the following instrumentation:
Recently noticed a fellow colleague @dgryski migrated off Medium at the same time I had just let my subscription expire and hit a paywall. After a few days of work, I had also migrated off Medium and am much happier.
Using CircleCI and Splunk AppInspect*
Recently worked on writing and open sourcing https://github.com/splunk/TA-osquery. One of my goals was to make sure my code was in compliance with Splunk’s best practices at every stage of development.