Weaponizing Splunk - Using Blue Team Tools for Evil

Explore a conference talk from BSides Nashville 2017 that delves into the potential misuse of Splunk, a popular log management and analysis tool. Learn about the various attack surfaces and misconfigurations that can be exploited in Splunk deployments. Discover how attackers can leverage Splunk's features, including syslog and deployment servers, to gain unauthorized access and execute malicious actions. Witness demonstrations of exploiting vulnerabilities using Metasploit and Python, as well as attacking Windows systems through PowerShell. Gain insights into data-driven attacks using tools like WiFi Pineapple and Hashcat. Understand the importance of proper configuration and security measures to protect Splunk installations from potential weaponization.

Intro
The Story
Overview
What is Splunk
Splunk Syslog
Deployment Server
Deployment Server Demo
Misconfigurations
Attack surfaces
Reviewing logs
User privileges
SSH keys
Demo
Attacking Server
Using Metasploit
Using Python
Windows App
PowerShell
Attack of the Data
WiFi Pineapple
WiFi Pineapple App
Hashcat
Contact Info
Split Data