Skip to content
View olafhartong's full-sized avatar


  • Pro
Block or Report

Block or report olafhartong

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Hi there 👋

I'm a defensive specialist and security researcher at FalconForce and specialize in understanding the attacker tradecraft and thereby improving detection.

I'm a Microsoft MVP and have presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences.

I maintain a blog at

You can also find me on Twitter and LinkedIn.

Pinned Loading

  1. sysmon-modular sysmon-modular Public

    A repository of sysmon configuration modules

    PowerShell 2.6k 577

  2. FalconForceTeam/FalconHound FalconForceTeam/FalconHound Public

    FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag…

    Go 715 45

  3. ThreatHunting ThreatHunting Public

    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

    1.1k 175

  4. sysmon-cheatsheet sysmon-cheatsheet Public

    All sysmon event types and their fields explained

    519 73

  5. WDACme WDACme Public

    A WDAC configuration repository with the sole intention of enriching MDE


  6. DefenderHarvester DefenderHarvester Public

    Expose a lot of MDE telemetry that is not easily accessible in any searchable form

    Go 89 4