diff --git a/.gitmodules b/.gitmodules
index bdfd8f1..86efee1 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -49,3 +49,6 @@ [submodule "windows/UnhookMe"]
 path = windows/UnhookMe
 url = https://github.com/mgeeky/UnhookMe
+[submodule "red-teaming/CobaltSplunk"]
+ path = red-teaming/CobaltSplunk
+ url = https://github.com/mgeeky/CobaltSplunk
diff --git a/red-teaming/CobaltSplunk b/red-teaming/CobaltSplunk
new file mode 160000
index 0000000..69cfd3d
--- /dev/null
+++ b/red-teaming/CobaltSplunk
@@ -0,0 +1 @@
+Subproject commit 69cfd3da3dfe6524930d489ffa483b2b1b36f754
diff --git a/red-teaming/README.md b/red-teaming/README.md
index 4d0116c..818fc6d 100755
--- a/red-teaming/README.md
+++ b/red-teaming/README.md
@@ -52,6 +52,8 @@ cmstp.exe /ni /s cmstp.inf
 - **`cobalt-arsenal`** - A set of my published Cobalt Strike 4.0+ compatible aggressor scripts. That includes couple of my handy utils I've used on various engagements.
+- **`CobaltSplunk`** - Originally devised by [Vincent Yiu](https://github.com/vysecurity/CobaltSplunk), heavily reworked by me: a Splunk application that ingests, indexes and exposes several search operators to work with Cobalt Strike logs from within of a Splunk interface. Supports Cobalt Strike 4.3+ log files syntax. Gives a lot of flexibility to work with Teamserver log files, search through them, generate insightful reports/dashboards/pivot tables and much more.
+
 - [**`code-exec-templates`**](https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/code-exec-templates) - a small collection of template/backbone files for various code-execution techniques (VBScript/JScript embedded in HTA/SCT/XSL/VBS/JS)
 - **`compressedPowershell.py`** - Creates a Powershell snippet containing GZIP-Compressed payload that will get decompressed and executed (IEX)
diff --git a/windows/GlobalProtectDisable.exe b/windows/GlobalProtectDisable.exe
new file mode 100644
index 0000000..2d4e44c
Binary files /dev/null and b/windows/GlobalProtectDisable.exe differ
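Review bot: windows/GlobalProtectDisable.exe is added as an opaque compiled binary with no source, build recipe or digest committed alongside it, and the red-teaming/README.md hunk in this commit does not mention it, so someone cloning the repository has no way to verify what the executable is or to rebuild it. Commit the source (or a pointer to the revision it was built from) and record a hash next to it, for example a README entry of the form `GlobalProtectDisable.exe - built from <SOURCE_COMMIT_PLACEHOLDER>, SHA-256 <SHA256_PLACEHOLDER>` with the placeholders filled in, so the file can be checked against the expected digest before it is run. Unverifiable executables in a tooling repository are a supply-chain risk for every downstream user, and a recorded digest also lets a later reviewer detect a silent replacement of the binary.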