The Attack Range solves two main challenges in the development of detections:
- quickly build a small pre-configured lab infrastructure as close as possible to your production environment
- perform attack simulation using Atomic Red Team
https://t.co/i8cpGJZNRz
🚨 SAP NetWeaver Webshells Spotted: CVE-2025-31324 in the Wild 🚨
Multiple reports confirmed active exploitation of SAP NetWeaver Visual Composer vulnerabilities (CVE-2025-31324). Attackers are dropping lightweight JSP webshells like the ones shared by Onapsis, captured by ShellSweepX below 👇 — easy to miss, devastating if ignored.
🧹 Enter ShellSweepX — an open-source project from Splunk Threat Research Team built to help defenders proactively hunt, detect, and analyze webshells across their environments.
How ShellSweepX helps defenders:
🔹 Wide Coverage
Uses 300+ webshell-focused YARA rules across JSP, PHP, ASPX, and others — not just signatures, but entropy, anomaly, and obfuscation detection.
🔹 Lightweight, Flexible, and Scalable
ShellSweepX offers agent-based deployment across endpoints with a centralized management server to orchestrate sweeps. It supports webshell file collection, scheduled scans, and makes sweeping hundreds or thousands of systems seamless via API or web UI — all without heavy infrastructure requirements.
🔹 Integrated Threat Hunting
Detailed triage output lets you pivot immediately: showing entropy, size, matches, metadata, and AI-assisted file analysis to catch even stealthy or customized webshells.
🔹 Automation-Ready
Built with a REST API and frontend dashboard, ShellSweepX enables automatic sweeps, centralized hunting campaigns, and seamless integration into your existing IR playbooks and workflows.
Ref:
Onapsis: https://t.co/LJi8iy5EZM
Rapid7: https://t.co/gT2aKYCAAg
🔥 Full project and how to get started:
👉 ShellSweep: https://t.co/ainV651GPG
👉 ShellSweepX Blog: https://t.co/eEIX1vZmPH
SQL Server can be exploited for system access, persistence, and code execution. Our STRT team's blog shows how attackers abuse stored procedures, CLR assemblies, and registry modifications—while providing detection rules to catch them in action. https://t.co/JOpEzE8eb4
Critical RCE vulnerabilities in Ingress-Nginx Controller (CVE-2025-1974, CVSS 9.8) affect versions ≤1.12.0 and ≤1.11.4. The webhook service (port 8443) is exploitable. Check your cluster with: kubectl get ValidatingWebhookConfiguration -A
https://t.co/teELh8kJFx
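Triage helper for the ingress-nginx check above (an added example, not code from the post or from Splunk). It reads the JSON form of the same command (`kubectl get validatingwebhookconfiguration -o json`, saved to a file or piped in), picks out the ingress-nginx admission webhooks, and flags the version ranges the post names as affected (≤1.12.0 and ≤1.11.4). It assumes the Helm-chart `app.kubernetes.io/version` label is present on the webhook configuration; where it is not, the controller image tag has to be checked by hand and the script says so. The sample document is constructed for illustration.

```python
"""Flag ingress-nginx admission webhooks whose version falls in the affected ranges.

Added example (not part of the original post). Assumptions: the input is the
JSON output of `kubectl get validatingwebhookconfiguration -o json`, and the
ingress-nginx Helm chart's `app.kubernetes.io/version` label is present on the
webhook configuration object. The sample below is constructed, not captured.
"""
import json
import re
import sys

# Constructed sample: one ingress-nginx webhook labelled 1.11.3, one unrelated
# webhook that must be skipped, and one ingress-nginx webhook with no version label.
SAMPLE_KUBECTL_JSON = json.dumps({
    "kind": "List",
    "items": [
        {"metadata": {"name": "ingress-nginx-admission",
                      "labels": {"app.kubernetes.io/name": "ingress-nginx",
                                 "app.kubernetes.io/version": "1.11.3"}},
         "webhooks": [{"name": "validate.nginx.ingress.kubernetes.io",
                       "clientConfig": {"service": {"namespace": "ingress-nginx",
                                                    "name": "ingress-nginx-controller-admission",
                                                    "path": "/networking/v1/ingresses"}}}]},
        {"metadata": {"name": "cert-manager-webhook", "labels": {}},
         "webhooks": [{"name": "webhook.cert-manager.io",
                       "clientConfig": {"service": {"namespace": "cert-manager",
                                                    "name": "cert-manager-webhook"}}}]},
        {"metadata": {"name": "legacy-nginx-admission", "labels": {}},
         "webhooks": [{"name": "validate.nginx.ingress.kubernetes.io",
                       "clientConfig": {"service": {"namespace": "nginx",
                                                    "name": "nginx-admission"}}}]},
    ],
})


def is_affected(version: str) -> bool:
    """True when the version lies in the ranges the post names as affected:
    1.11.x with x <= 4, or anything else <= 1.12.0 (1.11.5+ is outside both)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) == (1, 11):
        return patch <= 4
    return (major, minor, patch) <= (1, 12, 0)


def find_ingress_nginx_webhooks(kubectl_json: str) -> list[dict]:
    """Return one finding per ingress-nginx admission webhook, in document order."""
    doc = json.loads(kubectl_json)
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        for hook in item.get("webhooks", []):
            svc = hook.get("clientConfig", {}).get("service") or {}
            # Recognise the controller's webhook by its well-known name or chart label.
            looks_like_nginx = ("nginx.ingress.kubernetes.io" in hook.get("name", "")
                                or labels.get("app.kubernetes.io/name") == "ingress-nginx")
            if not looks_like_nginx:
                continue
            version = labels.get("app.kubernetes.io/version")
            if version is None:
                status = "unknown version, check the controller image tag"
            elif is_affected(version):
                status = "affected"
            else:
                status = "not in affected range"
            findings.append({
                "configuration": meta.get("name"),
                "webhook": hook.get("name"),
                "service": f"{svc.get('namespace')}/{svc.get('name')}",
                "version": version,
                "status": status,
            })
    return findings


if __name__ == "__main__":
    # Pipe real output in (`kubectl get validatingwebhookconfiguration -o json | python3 this.py`)
    # or run with no input to triage the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_KUBECTL_JSON
    for f in find_ingress_nginx_webhooks(data or SAMPLE_KUBECTL_JSON):
        print(f"{f['configuration']:<30} {f['service']:<45} {str(f['version']):<8} {f['status']}")
```

The webhook name match is the more reliable signal: a cluster installed from raw manifests rather than the Helm chart may carry no version label at all, which is why an unlabelled match is reported rather than silently dropped.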
Excited to share this blog about our improved https://t.co/wJY3WCLzyN!
📓https://t.co/8SBqI8VLOy
Already seeing 20K+ active users in just 30 days since soft launch!
Huge shoutout to @TyneDarke and the marketing team for this amazing piece, and to Lou Stella, @bareiss_patrick, @SnekCharmerr & the entire #STRT!
🧵1/4
🚨 Big News for Splunk Attack Range Users! 🚨
We’ve just dropped a major update — @Snort 3 is now integrated into the Splunk Attack Range! 🎉🐍 Amazing work by @bareiss_patrick!
If you haven’t tried out Attack Range yet, it’s a breeze to get started! 🍃
Clone the repo: https://t.co/itpUefnVoz 📥
Run: python attack_range.py configure
to easily select server OSs, enable Snort3 or Zeek, and more! 💻⚙️
And guess what? Some extra goodies like BadBlood, domain-joined systems, and Kali are all waiting. 🎁💣 It’s like making it rain for your test environment! ☔💸
Once you’ve got everything set up, you’ll be diving into a fresh batch of data in Splunk in no time! 📊🔍
Happy hunting, and may the logs be ever in your favor! 🕵️♂️🔐
🚨LOLRMM Update 🚂
You thought we were done? Nope.
🔥 Deduplication efforts are in the works
🔥 Experts (@_josehelps) are reviewing the site code to ensure we deliver the most epic LOLRMM experience.
🔥 More and more RMMs are being completed (@Kostastsale @nas_bench)
🔥 Who wants more Sigma rules? Because, we got them. Autogenerated + easily found on individual RMM pages.
Hoping the efforts are final soon and we can get this out the door! Be warned, it's a lot of data and we'll need lots of community ❤️ to make this 100%.
Teaser:
Happy to share our latest #STRT Blog on #SnakeKeylogger! This includes the intriguing loader variant, Malware Analysis, TTPs we've extracted and a comprehensive list of our developed detections! 😊 #splunk #RE #int3 #blueteam #detectionengineering
https://t.co/DIsrhOGA84
🚨 #Splunk Threat Research Team Release 4.18.0!🚨
✨ Key Updates:
🛡️ Kubernetes Security: Advanced detections for containerized environment threats, including unusual access and abuse scenarios.
🔒 Enhanced MFA Security in PingID: 4 new detections by Steven D., addressing critical aspects of digital authentication security.
🧩 Rhysida Ransomware Analytic Story: In-depth analytics for detecting Rhysida group behaviors and tactics.
🔄 Updated Analytics & Stories: Including NjRAT, RedLine Stealer, and firewall modifications.
🔍 Dive into detailed detections for Kubernetes abuses, multi-factor authentication challenges, and ransomware tactics.
Release: https://t.co/iIMyuP9r4l
Content: https://t.co/OHMvMa7k0M
Excited to share the #STRT blog for #plugx malware. This blog includes a deep-dive analysis of this PlugX variant, Splunk detections and a Python tool to extract the config and the headless payload. I hope it helps 😊 #malware #splunk #RE #blueteam int3
https://t.co/gW9PrCg4kY
Learn how the Splunk Threat Research Team is revolutionizing detection engineering efficiency. Get a sneak peek into Security Content v4.0's features. Essential reading for detection engineers, security analysts, and team leaders.
https://t.co/P78XWvfpGE
Happy to share the #STRT blog for detections and analysis of the #asyncrat campaign. We also include some tips on how you can extract the actual payload from its .bat script loader. 🙂 #asyncrat #malware #int3 #SplunkBlogs #splunk #RE
https://t.co/k56iRgOOm0
I didn't want to mention it, but after my last SANS preso on hunting drivers, I've decided to build a site similar to LOLBAS project presenting all known vulnerable Windows drivers. More to come.
Until then, give it a follow.
https://t.co/IfUnrKsmxm
Splunk STRT researchers describe the different tactics, techniques and procedures mapped to the ATT&CK framework leveraged by Agent Tesla remote access trojan. https://t.co/GTiRELnejS