Michael Haag's Blog Posts

Michael Haag is Principal Threat Research Enginer at Splunk. Michael led the development of Atomic Red Team, an open-source testing platform that security teams can use to assess detection coverage. An avid researcher, he is passionate about understanding and evaluating the limits of defensive systems. His background includes security analysis, threat research, and incident handling.

Take a SIP: A Refreshing Look at Subject Interface Packages
Security
10 Minute Read

Take a SIP: A Refreshing Look at Subject Interface Packages

Splunker Michael Haag dives into Subject Interface Packages (SIPs) and their role in Windows security, exploring how SIPs can be exploited by malicious actors to bypass security measures and sign malicious code.
Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs
Security
9 Minute Read

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

Splunk's Threat Research Team delves into the attack's components, usage of tools like Mockbin and headless browsers, and provides guidance on detecting such activities.
Follina for Protocol Handlers
Security
5 Minute Read

Follina for Protocol Handlers

The Splunk Threat Research Team shares how to identify protocol handlers on an endpoint, different ways to simulate adversary tradecraft that utilizes a protocol handler, and a piece of inspiring hunting content to help defenders identify protocol handlers being used in their environment.