Black Hat USA 2023
Booth 1940

August 5-10  |  Las Vegas, Nevada  |  Mandalay Bay
Splunk is proud to be a Platinum Plus sponsor at Black Hat USA 2023 and we’d love to connect with you in Las Vegas. Stop by our booth for a demo or to watch one of our presentations and see how Splunk helps deliver unified security operations for digital resilience.

Splunk Welcome Event at Black Hat 2023

We know a great conference can't happen without some lively tunes, kickin' views, and fun. Flanker Kitchen + Sports Bar features a sick karaoke bar full of cool & moody vibes. Grab your co-workers and head over to the Splunk Welcome Event to sing the security tunes.

Flanker Kitchen

Bluenomicon: The Network Defender’s Compendium

A book for blue teamers by blue teamers

The SURGe team at Splunk tapped into their network to compile essays from cybersecurity leaders across the globe. Bluenomicon provides readers with cybersecurity leadership strategies, practical guidance for incident investigation and response, and some cybersecurity anecdotes.

Stop by the booth to hear more about the book from SURGe and some of the authors and to pick up your official copy of Bluenomicon while supplies last! Swing by on Wednesday night from 5-6PM during the welcome reception for Brews & Books; we’ll have a live presentation, drinks and book signing from the authors!


Navigating the Abyss: Confronting Windows Rootkits

Wednesday, August 9, 2023 from 10:20AM - 10:40AM (Mandalay Bay L)

Rod Soto

Principal Threat Researcher, Splunk

In the turbulent seas of cybersecurity, defense often finds itself contending with an array of surface-level ATT&CK techniques. Yet, beneath the waves, a more nefarious enemy lurks: Windows rootkits. These sophisticated tools of cyber warfare can persist in user or kernel levels, or even lower, providing adversaries with the means to persistently hijack systems. As defenders, the question we must answer is not only 'how do we defend?' but also 'where, and against what, do we defend?' This talk is aimed at equipping attendees with an in-depth understanding of Windows driver rootkits, providing effective strategies to identify suspicious drivers, and shedding light on contemporary approaches to rootkit defense. Dive deep into the shadowy depths of rootkit warfare, and emerge with the knowledge to navigate these turbulent waters.

Booth Presentations

Stop by Booth 1940 to learn more about Splunk and our featured Partners.

Date & Time  |  Title
August 9, 10:00am  |  Security Automation Made Easy with Splunk SOAR
August 9, 10:30am  |  ShellSweep: Hunting Web Shells with ChatGPT, Splunk and Math
August 9, 11:00am  |  Rapid Detection and Incident Scoping with Splunk Enterprise Security
August 9, 11:30am  |  Attack Simulation Tips Using Splunk Attack Range
August 9, 12:00pm  |  Resilience with End to End Zero Trust
August 9, 12:30pm  |  Take the Manual Work out of Threat Analysis with Splunk Attack Analyzer
August 9, 1:00pm  |  Securing the Cloudscape: Resilient Multi-Cloud Detection Engineering
August 9, 1:30pm  |  Unify Your Security Operations with Splunk Mission Control
August 9, 2:00pm  |  Solve the Security Data Normalization Problem with OCSF
August 9, 2:30pm  |  Behind the Browser: Chrome Extension Risk Analysis
August 9, 3:00pm  |  Using Splunk Attack Range for Detection Engineering
August 9, 3:30pm  |  Securing your CI/CD pipeline with Splunk
August 9, 4:00pm  |  SURGe PEAK Threat Hunting Framework
August 9, 5:00pm  |  Brews & Books with SURGe - Bluenomicon: The Network Defender's Compendium
August 10, 10:00am  |  Building Detections with ChatGPT
August 10, 10:30am  |  Take the Manual Work out of Threat Analysis with Splunk Attack Analyzer
August 10, 11:00am  |  SURGe Security Insider with @MalwareJake
August 10, 11:30am  |  Solve the Security Data Normalization Problem with OCSF
August 10, 12:00pm  |  Leveraging Exposure Insights for Unified Security Operations
August 10, 12:30pm  |  Follow the Money...Fraud Analytics with Splunk
August 10, 1:00pm  |  Detection as Code: Bringing Version Control (and More) to Your Content
August 10, 1:30pm  |  Unify Your Security Operations with Splunk Mission Control
August 10, 2:00pm  |  contentctl: Automated Detection as Code CI/DI Pipelines for Your Splunk Content
August 10, 2:30pm  |  SURGe Security Insider with Jo Peterson (@cleartechtoday)
August 10, 3:00pm  |  Security, SAP and Splunk. Splendid!

Unify Security Operations with Splunk Mission Control

By entering in the raffle, you are agreeing to the Sweepstakes Rules.
