I have been recruited by the Star League to defend the Frontier against Xur and the Ko-dan Armada

Joined July 2009
William Metcalf retweeted
Security Detections MCP 3.0 is LIVE
What started as a detection search MCP is now an autonomous detection engineering pipeline.
Agents now run a full workflow: CTI → coverage analysis → detection generation → SIEM validation → PR staging
Pipeline example:
• CTI Analyst → extracts MITRE techniques from threat intel
• Coverage Analyzer → checks 7k detections across Sigma / Splunk / KQL / Elastic
• Detection Engineer → generates missing detections
• Atomic Executor SIEM Validator → tests detections
• PR Stager → prepares them for review
Multi-SIEM support: Splunk • Sentinel • Elastic • Sigma
Open source 👇
Repo github.com/MHaggis/Security-…
npm npmjs.com/package/security-d…
Pulse MCP listing pulsemcp.com/servers/mhaggis…
Watch the full demo: youtu.be/03ZmD5cdfHI
William Metcalf retweeted
31 Jan 2025
Talk about ending the week on a high note. 🎉 With @Cisco's acquisition of @snapattackHQ now complete, we're looking forward to driving further Splunk innovation as we continue to deliver security solutions that support today's new era of SIEM. Read more here. #SplunkSecurity
Enjoy punching phish? Experience writing detections for phish, using regex, Yara, etc., and looking to grow as a researcher within an experienced team? Join me and the rest of the Splunk Attack Analyzer Misfits of Detection Science. US only, fully remote splunk.com/en_us/careers/job…

William Metcalf retweeted
30 Sep 2024
“America. Oasis is coming. You have one last chance to prove that you loved us all along.” Oasis will tour North America in 2025! Register for the North American ticket pre-sale private ballot 👉OasisMusic.lnk.to/L25NAmPS The pre-sale will take place Thursday, 3rd October. Tickets go on general sale this Friday, 4th October at midday local venue time. @CageTheElephant
William Metcalf retweeted
27 Aug 2024
“This is it, this is happening”
Tickets on sale this Saturday 31st August (🇮🇪8AM IST / 🇬🇧9AM BST)
Dates:
Cardiff Principality Stadium - 4th/5th July
Manchester Heaton Park - 11th/12th/19th/20th July
London Wembley Stadium - 25th/26th July & 2nd/3rd August
Edinburgh Scottish Gas Murrayfield Stadium - 8th/9th August
Dublin Croke Park - 16th/17th August
William Metcalf retweeted
“Oi bruv me gonna nab some Oasis tickets innit”
William Metcalf retweeted
26 Aug 2024
Liam and Noel Gallagher seemingly confirmed that an Oasis reunion is happening after sharing a cryptic clip on social media on Sunday. variety.com/2024/music/news/…
William Metcalf retweeted
I've hosted several malware analysis workshops over the past few years, I've collected those on YouTube and added to the following playlist 👇 youtube.com/playlist?list=PL… Samples from the workshops have been archived on Github: 👉 github.com/jstrosch/malware-…
William Metcalf retweeted
25 Jun 2024
Moar soon! Big updates coming
New drivers have been added to @magicswordio LOLDrivers thanks to multiple community contributions. These include
- Chaos-Rootkit.sys a malicious driver used by Chaos-Rootkit
- wnBio.sys and GPU-Z.sys used by the RealBlindingEDR tool
- iobitunlocker.sys
- filwfp.sys, fildds.sys and filnk.sys were being used to Kill EDRs as reported by Sophos X-Ops.
You can check everything in full details loldrivers.io/
GGs to @M_haggis for cooking the PRs 🧙‍♂️
William Metcalf retweeted
18 Jun 2024
Happy to share this #STRT blog focusing on how attackers weaponized .LNK files in several phishing campaigns. In this blog we analyzed several malicious LNK files to extract TTPs for #detections and #simulation dev. Enjoy reading! #int3 #splunk #cisco splunk.com/en_us/blog/securi…
William Metcalf retweeted
Extremely proud of splunk.com/en_us/blog/securi… the latest blog on #WINELOADER by @tccontre18 @M_haggis and the #STRT team. My favorite things are: ⛓️ Super simple to understand the attack chain 🚗 [cue meme] this puppy fits soo many #atomicredteam tests 🛡️ Splunk detections! 1/x
William Metcalf retweeted
20 Mar 2024
On 14 Mar 2024 around 2115 UTC, #Gootloader changed the #JavaScript library it hides in to @ApacheECharts. The zip changed from around 720 KB to 5 MB. The .JS inside is now 22.5 MB. Created a new #YARA rule to detect it github.com/GootloaderSites/T…

William Metcalf retweeted
11 Mar 2024
🎉 Updated ASRGEN🚨
If you haven't been following along, Microsoft recently added two new ASR rules in preview.
- Block rebooting machine in Safe Mode (preview)
- Block use of copied or impersonated system tools (preview)
1. learn.microsoft.com/en-us/mi…
2. learn.microsoft.com/en-us/mi…
These are both under preview "This capability is currently in preview. Additional upgrades to improve efficacy are under development."
🤔 but maybe you want to test them out?
⚛️ Check out the updated ASRGEN for 1 click gen to enable one or many for testing.
asrgen.streamlit.app/
asrgen.streamlit.app/ASR_Con…
William Metcalf retweeted
1 Mar 2024
new role opened for someone who loves crafting detections, threat intel, and all the goodness of smashing bad in email: jobs.careers.microsoft.com/g… happy to answer any questions
William Metcalf retweeted
We are scouting for reverse engineering talent to contribute to Microsoft’s intelligence mission: jobs.careers.microsoft.com/g… I can’t guarantee you will understand the vast security data, but I can promise you will often be the first human defender to ever look at a certain malicious code. You have the opportunity (duty?) to create global protections for that malware – for enterprises and home users alike. Quite a few times, you will do this before it causes any harm. Curiosity & ingenuity as important as technical experience. If we have worked together (#FLARE 👀 or otherwise), please DM for questions.
MSTIC is looking for Senior Security Researchers (Malware Reverse Engineers) in the US and Australia to join our MSTIC-RE team. This is an exciting opportunity to make a tangible difference in combating Nation State (NS/APT/DHA) and ransomware threats. jobs.careers.microsoft.com/g…