Detection Engineering for Windows

Back to the list of Speakers and Sessions

The Intrusion Operations class provides students a unique opportunity to learn and implement real-world techniques used by advanced adversaries. An attacker can easily break into an organization by abusing misconfigurations, but the inverse also applies - defenders can easily detect red teams and malicious actors using commodity malware, default indicators, and more. You will learn how to overcome enterprise defenses and hardened infrastructure. You will leverage custom tooling and advanced configurations to break into a simulated corporate network and develop targeted malware profiles to remain undetected. You will leave this class with the skills and tools to develop custom tradecraft for long term persistence.


Olaf Hartong Co-Founder & Defensive Specialist, FalconForce

Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specialises in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects.

Olaf has presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular.

Gijs Hollestelle Co-Founder & Security Specialist, FalconForce

Gijs Hollestelle is specialized in advanced offensive and defensive capabilities. Gijs spent the last 15 years working in various technical security related roles related to ethical hacking, red teaming, cryptography, blue teaming and secure coding. Apart from solving technical challenges in the cyber security area he also enjoys teaching others to do the same. He is also an avid CTF player, competing at the highest level with multiple CTF teams including Eindbazen and Hack.ERS.

Henri Hambartsumyan Co-Founder & Red Teamer, FalconForce

Henri Hambartsumyan is an experienced technical security professional, with 10 years of technical security experience. Henri started his career as pentester and moved to the more advanced pentesting projects. Later he started executing "covert operations", which the industry later dubbed to "red teaming". In the recent years, Henri has performed countless red team operations amongst which 4 TIBER exercises. Next to projects, Henri spent most off-time in developing AV bypasses for future ops. The last year, Henri has taken an interest in blue teaming, especially in detecting more advanced tradecraft in a realistic way. Due to his in-depth understanding of the tradecraft, he currently develops detection rules for advanced attacks as part of blog series FalconFriday and for clients. Next to this, he is still active in performing red teams.