Skip to content
View olafhartong's full-sized avatar
1.1k followers · 4 following

Achievements

Achievement: QuickdrawAchievement: YOLOAchievement: Arctic Code Vault ContributorAchievement: Starstruckx3Achievement: Pull Sharkx2

Achievements

Achievement: QuickdrawAchievement: YOLOAchievement: Arctic Code Vault ContributorAchievement: Starstruckx3Achievement: Pull Sharkx2

Highlights

  • Pro

Block or report olafhartong

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
olafhartong/README.md

Hi there 👋

I'm a defensive specialist and security researcher at FalconForce and specialize in understanding the attacker tradecraft and thereby improving detection.

I'm a Microsoft MVP and have presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences.

I maintain a blog at olafhartong.nl.

You can also find me on Twitter and LinkedIn.

If you're here for ETW tools, this is what I currently have:

Description Link
PockETWatcher – Lightweight ETW consumer https://github.com/olafhartong/PockETWatcher
ETWhat – Provider mode enumeration tool https://github.com/olafhartong/ETWhat
ETWLocksmith – Provider security analyzer https://github.com/olafhartong/ETWLocksmith
autologgerAnalyzer – Autologger details https://github.com/olafhartong/autologgerAnalyzer
ETWtop – Session performance monitoring https://github.com/olafhartong/ETWtop
Provmon – ETW provider registration monitor tool https://github.com/olafhartong/provmon/
BamboozlEDR – ETW event emitting and BOFs https://github.com/olafhartong/BamboozlEDR

Pinned Loading

  1. sysmon-modular Public

    A repository of sysmon configuration modules

    PowerShell 2.9k 637

  2. FalconForceTeam/FalconHound Public

    FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag…

    Go 818 57

  3. BamboozlEDR Public

    A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.

    Go 247 21

  4. ThreatHunting Public

    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

    1.2k 180

  5. DefenderHarvester Public

    Expose a lot of MDE telemetry that is not easily accessible in any searchable form

    Go 111 7

  6. sysmon-cheatsheet Public

    All sysmon event types and their fields explained

    558 75