Weaponizing Splunk: Using Blue Teams for Evil

BSidesCharm 2017

Presented by: Ryan Hays
Date: Saturday April 29, 2017
Time: 12:00 - 13:00
Location: Track 2

Splunk is a log aggregation and correlation tool that is normally used for defensive analysis and infrastructure management. What if Attackers could use this same tool against the blue team? During this presentation, I will discuss creative uses that penetration testers and Red Teamers can use to gain more access and move laterally within an organization.

Ryan Hays

Ryan is the Director of Security Engineering at TBG Security. With 15 years of experience in the IT field, he has worked in a variety of capacities, currently specializing in offensive security and threat emulation techniques. During his career, he has worked with a multitude of Fortune 500 and 1000 companies, along with various U.S. Government Intelligence agencies. Ryan takes pride in giving back to the infosec community by presenting at multiple conferences as well as providing training and mentorship to people across the globe. Training Sessions BSidesCharm is excited to host free training for attendees again for 2017. This year we've been able to increase to five trainings sessions in total across Saturday and Sunday!


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats