🚨 Still on your journey to mastering ASR rules?
Don’t sleep on ASRGEN 🛡️💥
⚡ Point. Click. Generate ASR rules.
🔍 Learn + test safely with built-in atomic simulations
📦 Export to Intune/GPO-ready formats
🎯 Built for defenders, by defenders
👀🔥
👉 asrgen.streamlit.app
📚 github.com/MHaggis/ASRGEN
GitHub - MHaggis/ASRGEN: ASR Configurator, Essentials and Atomic Testing
ASR Configurator, Essentials and Atomic Testing. Contribute to MHaggis/ASRGEN development by creating an account on GitHub.
github.com
August 21, 2025 at 7:36 AM
🆕🐇 Just dropped a 1-hour rabbit hole dive into API playgrounds, mocks, & random nerdy finds 🤓
We started with ClickGrab, but then it turned into:
🐝 Beeceptor
🛠️ Mockbin
🧩 Zudoku
🔍 VirusTotal hunts
🤖 ChatGPT making OpenAPI bins & routes
Chaotic, nerdy, fun. Come hang out 👉 youtu.be/j7QE-6p9Y9Q
🚀 Fresh ClickGrab ✨ | Into the Rabbit Hole 🐇🌀
🔥 We started fresh with ClickGrab 🖱️✨ looking at some new stuff… but then the whole thing flipped upside down 🌀 and turned into a full-on rabbit hole deep dive 🕳️🐇
🔍 What we explored:
🐝…
youtu.be
August 20, 2025 at 7:36 AM
🚨 New ASR rules are now GA:
❌ Block rebooting in Safe Mode
🕵️♂️ Block copied/impersonated system tools
ASRGEN had these since preview. 😎
Want to:
⚡ Quickly create Intune-ready ASR policies
🧪 Simulate and understand rule impacts
Check → asrgen.streamlit.app
Be proactive. Be precise.
ASRGEN
Access ASRGEN here on https://asrgen.streamlit.app/
asrgen.streamlit.app
April 14, 2025 at 8:15 PM
💰 The hunt begins…
The first drops for PowerShell-Hunter: Season 2 are coming SOON.
New tools. Smarter hunting. Sexier telemetry.
This isn’t just DFIR—it’s an evolution.
⚔️ Hunt smarter. Hunt harder.
⭐ github.com/MHaggis/Powe...
April 14, 2025 at 12:02 PM
🚨 PowerShell-Hunter Season 2 is coming 🚨
💥 More atomic tools
🧬 Smarter, faster log analysis
🤖 Machine learning meets lateral movement
😈 PowerShell so slick it should be illegal
You’re not ready—but you should be.
⭐ Star the repo or miss the magic:
GitHub - MHaggis/PowerShell-Hunter: PowerShell tools to help defenders hunt smarter, hunt harder.
PowerShell tools to help defenders hunt smarter, hunt harder. - MHaggis/PowerShell-Hunter
github.com
April 10, 2025 at 5:40 PM
🎉 Exciting News: PCA Analyzer is now part of the PowerShell-Hunter suite! 🚀
Check it out on GitHub: github.com/MHaggis/PowerShell-Hunter 💻
📺
PCA Analyzer Demo: Uncover Hidden Windows Execution History | PowerShell-Hunter Toolkit
🔍 Discover the wealth of forensic evidence hiding in your Windows PCA logs! In this demonstration, I showcase the PCA Analyzer - a powerful forensic tool fro...
youtu.be
March 4, 2025 at 8:36 AM
🔐 Windows Security and SDDL: What You Need to Know 🔐
Windows permissions misconfigurations are a goldmine for attackers. SDDL (Security Descriptor Definition Language) remains overlooked yet highly exploitable. 🚨
@nasbench.bsky.social and I break it down -->
🧵 (1/)
February 21, 2025 at 3:55 PM
🎄 Twas the night before JonMon, and all through the net,
🔍 Defenders were stirring, their systems to vet.
🛠️ The telemetry was hung in EventViewer with care,
✨ In hopes that Jonny Johnson soon would be there.
📅 Friday, January 24th
⏰ 11 AM MST | 1 PM EST
📺
YouTube: youtube.com/watch?v=CqEhtg…
https://youtube.com/watch?v=CqEhtg…
January 24, 2025 at 3:02 AM
Down to the end of my last Christmas blend, what do you recommend this holiday season? I typically get Red Rooster or Atomic.
www.redroostercoffee.com/products/goo...
atomicroastery.com/products/mer...
Good Tidings - Holiday Sweet Coffee
With a delicious blast of candied fruit, Good Tidings warms up crisp mornings and brightens any breakfast! Sweet and syrupy with notes of orange ribbon candy, lilac, Amaretto, and Grand Marnier. Pair ...
www.redroostercoffee.com
December 7, 2024 at 2:11 PM
💡 Webshell Testing for Defenders 💡
Having automated tools to spin up web servers isn’t just convenient—it’s a game-changer for defenders. Here's why:
November 27, 2024 at 6:13 PM
🚨 Unlocking the Secrets of Braodo Stealer! 🚨
Dive into our latest blog where the Splunk Threat Research Team dissects the elusive Python malware and its sneaky obfuscated loader! 🐍🔍✨
🔓 Cracking the code of Braodo Stealer's obfuscation
Cracking Braodo Stealer: Analyzing Python Malware and Its Obfuscated Loader | Splunk
The Splunk Threat Research Team break down Braodo Stealer's loader mechanisms, obfuscation strategies, and payload behavior.
www.splunk.com
November 27, 2024 at 2:46 PM
Things that get built on a Monday... 🤔
'Haag, do you have an easy way to build an Apache|NGINX|IIS server to easily simulate webshells?'
Hold my coffee... ☕
• 5-min Apache+PHP setup 🚀
• Drop-in webshell support 🎯
See you Tuesday! 😎
notes/utilities/ApachePHPBuild at master · MHaggis/notes
Full of public notes and Utilities. Contribute to MHaggis/notes development by creating an account on GitHub.
buff.ly
November 25, 2024 at 8:00 PM
⚛️ Blast from the past Atomics on a Friday ⚛️
Attackers are weaponizing IIS modules for persistence, post-exploitation, and data theft.
Check out the blog + AOAF for more 🔥:
https://buff.ly/40UUWAI
Don’t wait—watch to strengthen your defenses:
Atomics on a Friday Episode 4 IIS sassins
In this Atomics on a Friday, Paul and Michael will dive into IIS Components and showcase details on this stealthy technique and how adversaries abuse it. Refe...
buff.ly
November 22, 2024 at 5:15 PM
🌟 Living off GitHub: The Stargazers Ghost Network!🌐
🔥 I somehow missed this, but WOW—what a fascinating deep dive into a DaaS operation! 🚀 Fully automated, primed for quick Ops, and makes you wonder about the ones we haven’t uncovered yet. 👀
https://buff.ly/3LCYEIP 🚨
Stargazers Ghost Network - Check Point Research
Check Point Research identified a network of GitHub accounts (Stargazers Ghost Network) that distribute malware or malicious links via phishing repositories. The network consists of multiple accounts…
buff.ly
November 20, 2024 at 5:07 PM
🚀🔒 Validate Your AppLocker & WDAC Script Enforcement with ScriptHostTest.ps1! 🔒🚀
🔹 ✅ Validate AppLocker & WDAC: 🛡️ Test script execution in user & system paths seamlessly.
🔹 📝 Multiple File Types: Supports `.ps1`, `.bat` and more! 📂✨
Check it out here: https://buff.ly/3UVaJOm
November 20, 2024 at 12:40 PM
🔥 Master PowerShell Security with Event ID 4104! 🔥
An oldie but a goodie!
🚀 Why you NEED to read this: 👉 Spot the bad guys! Uncover malicious scripts hiding in plain sight.
🔗 Blog: https://buff.ly/3YTbF75
💾 Utility: https://buff.ly/3UTO0m4
💥 Level up your logging game NOW! ⬆️
notes/utilities/Invoke-SPLPowerShellAuditLogging.ps1 at master · MHaggis/notes
Full of public notes and Utilities. Contribute to MHaggis/notes development by creating an account on GitHub.
buff.ly
November 19, 2024 at 2:03 PM
A Thanksgiving Turkey from STRT to you.
November 18, 2024 at 12:12 PM
💥 New Atomic Test ⚛️
Test your defenses against indirect command execution via RunMRU dialogs! 🖥️ Dive into Atomic Test #5 for T1202 and see if your analytics stack is ready to detect this sneaky tactic.
🚀 Get started:
buff.ly
November 16, 2024 at 2:12 PM
🔍💻 PowerShell Pro Tip! 💻🔍
Ever wondered what app opens specific file extensions on your Windows machine? 🤔 Sure, it’s not new, but it’s super handy! 💪
Use this PowerShell magic to find file extensions and their associated apps
getfileassoc.ps1
GitHub Gist: instantly share code, notes, and snippets.
buff.ly
November 15, 2024 at 7:52 PM
Reposted by Haag
LOLDrivers are cool 😎
November 18, 2023 at 3:23 PM