Olaf Hartong

Olaf Hartong

Olaf Hartong

FalconForce | DFIR | Threat hunter | Data Dweller | Splunk | Sysmon | Microsoft MVP

Editor of FalconForce and BlueTeamLabs

Featured

Jun 7, 2018 · 5 min read

Endpoint detection Superpowers on the cheap — part 1

Image for post

Image for post

378

2 responses

Latest

Olaf Hartong in FalconForce

Sep 18 · 4 min read

Image for post

Image for post

Sysmon 12.0 — EventID 24

Sysmon 12 is out, with a new event ID: number 24. A very useful new feature, clipboard monitoring.

40

Olaf Hartong in FalconForce

Sep 11 · 4 min read

Image for post

Image for post

FalconFriday — Detecting Certutil and suspicious code compilation- 0xFF02

We believe there isn’t…

7

Olaf Hartong in FalconForce

Aug 28 · 5 min read

Image for post

Image for post

FalconFriday — Detecting Malicious Browser Extensions and code signing- 0xFF01

13

1 response

Olaf Hartong in FalconForce

Jul 16 · 8 min read

Image for post

Image for post

Using Azure Pipelines to validate my Sysmon configuration

56

Olaf Hartong in FalconForce

Jun 24 · 3 min read

Image for post

Image for post

Sysmon 11.1 Bug fixes, a schema update and a new field

14