I'm a defensive specialist and security researcher at FalconForce and specialize in understanding the attacker tradecraft and thereby improving detection.
I'm a Microsoft MVP and have presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences.
I maintain a blog at olafhartong.nl.
You can also find me on Twitter and LinkedIn.
If you're here for ETW tools, this is what I currently have:
| Description | Link |
|---|---|
| PockETWatcher - Lightweight ETW consumer | https://github.com/olafhartong/PockETWatcher |
| ETWhat - Provider mode enumeration tool | https://github.com/olafhartong/ETWhat |
| ETWLocksmith - Provider security analyzer | https://github.com/olafhartong/ETWLocksmith |
| autologgerAnalyzer - Autologger details | https://github.com/olafhartong/autologgerAnalyzer |
| ETWtop - Session performance monitoring | https://github.com/olafhartong/ETWtop |
| Provmon - ETW provider registration monitor tool | https://github.com/olafhartong/provmon/ |
| BamboozlEDR - ETW event emitting and BOFs | https://github.com/olafhartong/BamboozlEDR |