Hi there 👋
I'm a defensive specialist and security researcher at FalconForce and specialize in understanding the attacker tradecraft and thereby improving detection.
I'm a Microsoft MVP and have presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences.
I maintain a blog at olafhartong.nl.
You can also find me on Twitter and LinkedIn.
If you're here for ETW tools, this is what I currently have:
| Description | Link |
|---|---|
| PockETWatcher – Lightweight ETW consumer | https://github.com/olafhartong/PockETWatcher |
| ETWhat – Provider mode enumeration tool | https://github.com/olafhartong/ETWhat |
| ETWLocksmith – Provider security analyzer | https://github.com/olafhartong/ETWLocksmith |
| autologgerAnalyzer – Autologger details | https://github.com/olafhartong/autologgerAnalyzer |
| ETWtop – Session performance monitoring | https://github.com/olafhartong/ETWtop |
| Provmon – ETW provider registration monitor tool | https://github.com/olafhartong/provmon/ |
| BamboozlEDR – ETW event emitting and BOFs | https://github.com/olafhartong/BamboozlEDR |
