Former Principal Threat Researcher

Michael Haag

Michael has more than a decade of experience in security architecture and operations. His specialties include advanced threat hunting and investigations, testing, and technological evaluations and integrations. At Red Canary, he worked alongside customers to address their organization’s unique security needs with strategic vision, research, and technical expertise.
What is normal? Profiling System32 binaries to detect DLL Search Order Hijacking
Testing adversary technique variations with AtomicTestHarnesses
Upended Overnight: Facing Threats to Banking and Finance Webinar
Testing initial access with “Generate-Macro” in Atomic Red Team
Tracking driver inventory to unearth rootkits
Four tools to consider if you’re adopting ATT&CK
How to Test Your Security Controls Using Atomic Red Team
5 Ways Carbon Black Response Data in Splunk Can Improve Your Security