Olaf Hartong

Defensive Specialist - FalconForce

Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specializes in understanding attacker tradecraft and using that knowledge to improve detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects. Olaf has presented at many industry conferences, including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, and MITRE ATT&CKcon. Olaf is the author of various tools, including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular. He maintains a blog at https://olafhartong.nl



Endpoint Detection Super Powers on the cheap, with Sysmon and Splunk

Based on my experience as a blue and purple teamer, I wanted to create a workflow toolkit for anyone with access to Splunk to get started with a set of tools that enables them to hit the ground running on a tight budget without compromising on quality. I will explain the pain of lacking visibility in a common enterprise environment. I'll introduce how I use the MITRE ATT&CK framework as the foundation of the talk. Next, I'll present my modular Sysmon configuration that covers over 115 ATT&CK techniques. I will present my hunting app, which contains over 125 searches and over 10 dashboard
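The abstract above describes a Sysmon configuration whose rules are mapped to ATT&CK techniques. The script below is an added example written for this page; it is not code from the talk or from the Sysmon-modular project. It assumes one way of carrying that mapping: each Sysmon rule or field filter gets a `name` attribute of the form `technique_id=T1059.001,technique_name=PowerShell`, and the script parses a small constructed configuration to report which techniques are covered by which Sysmon event types, plus which include-rules carry no technique annotation at all. The sample configuration, technique numbers and file names are constructed for illustration only.

```python
"""Summarise ATT&CK technique coverage of a Sysmon configuration.

Added example, not part of the talk or of Sysmon-modular. Assumes the
rule-naming convention (an assumption for this example) in which a rule or
field filter carries name="technique_id=Txxxx[.yyy],technique_name=...".
"""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample Sysmon configuration (not a real production config).
SAMPLE_CONFIG = r"""<Sysmon schemaversion="4.30">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image name="technique_id=T1059.001,technique_name=PowerShell" condition="end with">\powershell.exe</Image>
        <Image name="technique_id=T1047,technique_name=Windows Management Instrumentation" condition="end with">\wmic.exe</Image>
        <ParentImage name="technique_id=T1059.001,technique_name=PowerShell" condition="end with">\powershell.exe</ParentImage>
        <Rule name="technique_id=T1218.011,technique_name=Rundll32" groupRelation="and">
          <Image condition="end with">\rundll32.exe</Image>
          <CommandLine condition="contains">javascript:</CommandLine>
        </Rule>
      </ProcessCreate>
      <NetworkConnect onmatch="include">
        <Image name="technique_id=T1059.001,technique_name=PowerShell" condition="end with">\powershell.exe</Image>
        <DestinationPort condition="is">4444</DestinationPort>
      </NetworkConnect>
      <ImageLoad onmatch="include">
        <ImageLoaded name="technique_id=T1003.001,technique_name=LSASS Memory" condition="contains">\samlib.dll</ImageLoaded>
      </ImageLoad>
    </RuleGroup>
  </EventFiltering>
</Sysmon>"""

# Matches the technique_id part of the assumed rule-name convention.
TECHNIQUE_RE = re.compile(r"technique_id=(T\d{4}(?:\.\d{3})?)")


def event_filters(config_xml):
    """Yield the event filter elements (ProcessCreate, NetworkConnect, ...).

    In the Sysmon schema these are the elements carrying an onmatch attribute,
    regardless of whether they sit directly under EventFiltering or inside a
    RuleGroup.
    """
    root = ET.fromstring(config_xml)
    for elem in root.iter():
        if elem.get("onmatch") is not None:
            yield elem


def technique_coverage(config_xml):
    """Return {technique_id: sorted list of Sysmon event types} for every
    annotated rule or field filter. Unannotated rules are ignored here."""
    coverage = defaultdict(set)
    for filt in event_filters(config_xml):
        for elem in filt.iter():
            m = TECHNIQUE_RE.search(elem.get("name", ""))
            if m:
                coverage[m.group(1)].add(filt.tag)
    return {tid: sorted(evts) for tid, evts in sorted(coverage.items())}


def untagged_rules(config_xml):
    """Return (event_type, element, value) for include-rule entries that have
    no technique_id annotation, so the gap in the ATT&CK mapping can be fixed.
    A <Rule> block counts as one entry; its children inherit its annotation."""
    missing = []
    for filt in event_filters(config_xml):
        if filt.get("onmatch") != "include":
            continue
        for child in filt:
            if TECHNIQUE_RE.search(child.get("name", "")):
                continue
            value = child.get("name", "") if child.tag == "Rule" else (child.text or "").strip()
            missing.append((filt.tag, child.tag, value))
    return missing


if __name__ == "__main__":
    cov = technique_coverage(SAMPLE_CONFIG)
    print(f"{len(cov)} techniques covered")
    for tid, events in cov.items():
        print(f"  {tid}: {', '.join(events)}")
    for event, tag, value in untagged_rules(SAMPLE_CONFIG):
        print(f"untagged include rule: {event}/{tag} {value!r}")
```

Run against a real configuration, the same two functions give a quick count to compare with the "over 115 techniques" figure and a list of include-rules that still need an ATT&CK annotation before the resulting events can be attributed to a technique in Splunk.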

Language: English

Level: Intermediate

Videos and slides not available
