false
Michael Haag

Michael Haag

Michael Haag is Principal Threat Research Enginer at Splunk. Michael led the development of Atomic Red Team, an open-source testing platform that security teams can use to assess detection coverage. An avid researcher, he is passionate about understanding and evaluating the limits of defensive systems. His background includes security analysis, threat research, and incident handling.

Security 12 Min Read

Beyond the Patch: SharePoint Exploits and the Hidden Threat of IIS Module Persistence

The cybersecurity landscape witnessed a perfect storm in July 2025 when multiple critical SharePoint vulnerabilities collided with sophisticated IIS module-based persistence techniques, creating a nightmare scenario for enterprise defenders.
Security 10 Min Read

CitrixBleed 2: When Memory Leaks Become Session Hijacks

Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild.
Security 13 Min Read

Beyond The Click: Unveiling Fake CAPTCHA Campaigns

Learn how clipboard hijacking delivers malware and explore tools like ClickGrab & PasteEater for robust defense strategies.
Security 14 Min Read

Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time

Explore SDDL in Windows security with our comprehensive guide to help enhance your defensive strategy against privilege escalation attacks.
Security 11 Min Read

Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion

The Splunk Threat Research Team dives into the Okta policy bypass vulnerability, offering detection insights and effective hunting strategies for security teams.
Security 10 Min Read

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

The Splunk Research Team dissects the technical intricacies of the CosmicSting vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.