Article Describes Attack on Splunk Surveillance System to Compromise Windows Server

The article describes an attack on the Splunk surveillance system to compromise a Windows server. Exploiting a vulnerability in Splunk allows attackers to obtain login credentials. Subsequently, permissions are exploited to compromise multiple user accounts. To elevate privileges, the Splunk administrator account is compromised and a module is added to establish a privileged session.