SIGRed - Monitoring and Detecting with Splunk

Nebraska 402 Splunk User Group
Thu, Aug 13, 2020, 2:00 PM (CDT)


About this event

UPDATE: Due to an error by me on timezones, I have adjusted the time of the event.  Sorry about this and I hope everyone can still make it.

On July 17th a blog was posted on the Splunk site that caught my eye with a title of "Checking for SIGRed (CVE-2020-1350) and CISA ED 20-03 with Splunk". For those who haven't heard about CVE-2020-1350, it is an unauthenticated, remote code execution (RCE) vulnerability in Microsoft Windows Domain Name System (DNS) servers. Successful exploitation allows attackers to run any code they want with local SYSTEM access. RCEs are bad vulnerabilities; unauthenticated ones are even worse. Pair this with one of the most common authentication platforms (Microsoft Active Directory), and you're in for a world of hurt.

Featured Presentation



Thursday, Aug 13
2:00 PM - 3:00 PM (CDT)


  • Tony Reinke


    Product Advocacy Manager
