Oddvar Moe

Senior Security Consultant


Oddvar has worked in the IT industry since 1999. Initially, he began as a consultant, helping a variety of public and private clients to implement Microsoft technology, before he sharpened his focused on security in 2012 as a malware reverser at a Security Operations Center. Since 2013, Oddvar has worked as a dedicated penetration tester. Oddvar has also taught many different courses and has been a Microsoft Certified Trainer. Within Microsoft technologies, Oddvar has expertise in products such as Microsoft Advanced Threat Analytics, Windows Defender Advanced Threat Protection, AppLocker, System Center Configuration Manager, Microsoft Deployment Toolkit, Active Directory, Group Policy, Microsoft Exchange, Windows operating system, and Remote Desktop Services.

Education & Certifications

Microsoft MVP, GIAC GPEN, Microsoft Certified Professional, Microsoft Certified Technology Specialist, Microsoft Certified Solutions Associate, Microsoft Certified Systems Engineer, Microsoft Certified Systems Administrator

Microsoft MVP badge

Industry Contributions

Oddvar is an active blogger and speaker. He has spoken at conferences such as DerbyCon, IT DEV Connections, HackCon, Nordic Infrastructure Conference, and Paranoia. Oddvar also started the LOLBAS project and maintains the Ultimate AppLocker bypass list. Oddvar loves to research stuff and he has uncovered many different persistence techniques, code execution techniques, UAC bypasses, and AWL bypasses—he was even acknowledged for the discovery of CVE-2017-8625. Oddvar has been awarded the Microsoft MVP award for Data Center Management in the specialties of Enterprise Security since 2016, due to his community contributions.

Passion for Security

Oddvar is a technically oriented person who has a burning passion for security.

Recent Blog Posts

Playing With Old Hacks

Recently, I was prepping for a session and wanted to show the old hack where you boot into a Windows setup using a USB stick and change out the utilman.exe with cmd.exe. Utilman.exe is the binary behind this icon here on the logon screen: Figure 1 – Icon for Utilman.exe First, follow these instructions to...

Discovering the Anti-Virus Signature and Bypassing It

In this post, I am going to go over how to find the specific Anti-Virus signature using manual testing and then show techniques that can be used to bypass them. I am a big fan of LOLBins so we are going to focus on the binary Regsvr32, which is a known binary that can be...
hacker blog graphic

Next Gen Phishing – Leveraging Azure Information Protection

In this blog post, I will go over how to use Azure Information Protection (AIP) to improve phishing campaigns from the perspective of an attacker. The idea came during an engagement where I was having trouble getting phishing emails into users’ inboxes without being caught by a sandbox on the way. During this engagement, it...
View all posts from Oddvar

Recent Webinars

Unleashing the Power of AppLocker: How to Get Started and Go Beyond the Basics

Register Now Join Senior Security Consultant and Microsoft MVP Oddvar Moe in a two-part webinar series as he walks through how to get started with AppLocker, go beyond the standard setup, and effectively harden the Windows client configuration. The webinar...
View all webinars from Oddvar

Recent Podcasts

Oddvar Moe

Want to work with Oddvar Moe or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us