Michael Haag's repositories
sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
CBR-Queries
Collection of useful, up to date, Carbon Black Response Queries
ShellSweep
ShellSweeping the evil.
AppLockerGen
AppLocker Policy Generator
UltimateAppLockerByPassList
The goal of this repository is to document the most common techniques to bypass AppLocker.
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
amsi-tracer
Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc.) passed into AMSI during dynamic execution.
attack_range
A tool that allows you to create vulnerable, instrumented local or cloud environments to simulate attacks against, and to collect the resulting data into Splunk.
tomcat-jmxproxy-rce-exp
Apache Tomcat JMXProxy RCE
AtomicTestHarnesses
Public Repo for Atomic Test Harness
attack_range_local
Build an attack range on your local machine.
BlackLotus
BlackLotus UEFI Windows Bootkit
CVE-2024-4040
Scanner for CVE-2024-4040
gdrv-loader
Kernel driver loader using the vulnerable Gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities) to load an unsigned driver.
signature-base
YARA signature and IOC database for my scanners and tools
SnakeMalware
Scripts and References for Snake Malware