Skip to content


  • Pro


Block or Report

Block or report olafhartong

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Hi there 👋

I'm a defensive specialist and security researcher at FalconForce and specialize in understanding the attacker tradecraft and thereby improving detection.

I'm a Microsoft MVP and have presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences.

I maintain a blog at

You can also find me on Twitter and LinkedIn.


  1. A repository of sysmon configuration modules

    PowerShell 1.8k 407

  2. A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

    942 165

  3. My conference presentations

    42 8

  4. All sysmon event types and their fields explained

    467 61

  5. WDACme Public

    A WDAC configuration repository with the sole intention of enriching MDE


  6. A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

    PowerShell 314 61

134 contributions in the last year

Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Mon Wed Fri

Contribution activity

July 2022

Created 2 commits in 1 repository

Seeing something unexpected? Take a look at the GitHub profile guide.