Michael Haag

Michael Haag is Principal Threat Research Enginer at Splunk. Michael led the development of Atomic Red Team, an open-source testing platform that security teams can use to assess detection coverage. An avid researcher, he is passionate about understanding and evaluating the limits of defensive systems. His background includes security analysis, threat research, and incident handling.

Security 14 Min Read

Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time

Explore SDDL in Windows security with our comprehensive guide to help enhance your defensive strategy against privilege escalation attacks.

Security 11 Min Read

Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion

The Splunk Threat Research Team dives into the Okta policy bypass vulnerability, offering detection insights and effective hunting strategies for security teams.

Security 10 Min Read

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

The Splunk Research Team dissects the technical intricacies of the CosmicSting vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.

Security 14 Min Read

PowerShell Web Access: Your Network's Backdoor in Plain Sight

The Splunk Threat Research Teams dives deep into PowerShell Web Access (PSWA) exploring its functionality within the context of cyber threats.

Security 8 Min Read

The Final Shell: Introducing ShellSweepX

The Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.

Security 14 Min Read

Introducing ShellSweepPlus: Open-Source Web Shell Detection

Detect web shells easily with ShellSweepPlus, an open-source tool for detecting potential web shells. Learn how ShellSweepPlus works and how to use it here.