Pinned Repositories
app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
ASRGEN
ASR Configurator, Essentials and Atomic Testing
bookish-happiness
OG Atomic Red Team
CBR-Queries
Collection of useful, up to date, Carbon Black Response Queries
hunt-detect-prevent
Lists of sources and utilities utilized to hunt, detect and prevent evildoers.
notes
Full of public notes and Utilities
ShellSweep
ShellSweeping the evil.
sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
sysmon-splunk-app
Sysmon Splunk App
MHaggis's Repositories
MHaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
MHaggis/notes
Full of public notes and Utilities
MHaggis/ShellSweep
ShellSweeping the evil.
MHaggis/PowerShell-Hunter
PowerShell tools to help defenders hunt smarter, hunt harder.
MHaggis/ASRGEN
ASR Configurator, Essentials and Atomic Testing
MHaggis/AppLockerGen
AppLocker Policy Generator
MHaggis/sigZap
SigZap is a Streamlit application designed to facilitate the search across multiple network signature sets at once.
MHaggis/HeapLeakDetection
MHaggis/UltimateAppLockerByPassList
The goal of this repository is to document the most common techniques to bypass AppLocker.
MHaggis/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
MHaggis/attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
MHaggis/LLM
LLM tools and toys
MHaggis/MHaggis
MHaggis/tomcat-jmxproxy-rce-exp
Apache Tomcat JMXProxy RCE
MHaggis/AtomicLua
A combination of OffensiveLua and Learning Lua - By Defenders, for Defenders
MHaggis/AtomicTestHarnesses
Public Repo for Atomic Test Harness
MHaggis/BlackLotus
BlackLotus UEFI Windows Bootkit
MHaggis/CVE-2024-4040
Scanner for CVE-2024-4040
MHaggis/DrvLoader
A post exploitation utility for loading signed kernel drivers using both the undocumented NtLoadDriver function and by directly interfacing with the Windows Service Control Manager (SCM)
MHaggis/gdrv-loader
Kernel driver loader using the vulnerable Gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities) to load an unsigned driver
MHaggis/grab_beacon_config
MHaggis/HackerArt
A collection of art inspired by the world of cybersecurity and hacking culture.
MHaggis/HVCI-loldrivers-check
MHaggis/InstallerFileTakeOver
MHaggis/Invoke-PrintDemon
MHaggis/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
MHaggis/mockbin
Mock, Test & Track HTTP Requests and Response for Microservices
MHaggis/sigma
Generic Signature Format for SIEM Systems
MHaggis/signature-base
YARA signature and IOC database for my scanners and tools
MHaggis/SnakeMalware
Scripts and References for Snake Malware