Oddvar Moe
Principal Security Consultant
Experience
Oddvar has worked in the IT industry since 1999. Initially, he began as a consultant, helping a variety of public and private clients to implement Microsoft technology, before he sharpened his focused on security in 2012 as a malware reverser at a Security Operations Center. Since 2013, Oddvar has worked as a dedicated penetration tester. Oddvar has also taught many different courses and has been a Microsoft Certified Trainer. Within Microsoft technologies, Oddvar has expertise in products such as Microsoft Advanced Threat Analytics, Windows Defender Advanced Threat Protection, AppLocker, System Center Configuration Manager, Microsoft Deployment Toolkit, Active Directory, Group Policy, Microsoft Exchange, Windows operating system, and Remote Desktop Services.
Education & Certifications
- Microsoft MVP
- GIAC Penetration Tester (GPEN)
- Microsoft Certified Professional (MSCP)
- Microsoft Certified Technology Specialist
- Microsoft Certified Solutions Associate
- Microsoft Certified Systems Engineer
- Microsoft Certified Systems Administrator
Industry Contributions
Oddvar is an active blogger and speaker. He has spoken at conferences such as DerbyCon, IT DEV Connections, HackCon, Nordic Infrastructure Conference, and Paranoia. Oddvar also started the LOLBAS project and maintains the Ultimate AppLocker bypass list. Oddvar loves to research stuff and he has uncovered many different persistence techniques, code execution techniques, UAC bypasses, and AWL bypasses—he was even acknowledged for the discovery of CVE-2017-8625. Oddvar has been awarded the Microsoft MVP award for Data Center Management in the specialties of Enterprise Security since 2016, due to his community contributions.
Passion for Security
Oddvar is a technically oriented person who has a burning passion for security.
Recent Blog Posts
I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed...
Read
When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the...
Read
One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behavior becomes even more important when attempting to defeat next generation of EDRs that...
Read
Recent Webinars
Join Senior Security Consultant and Microsoft MVP Oddvar Moe in a two-part webinar series as he walks through how to get started with AppLocker, go beyond the standard setup, and effectively harden the Windows client configuration. The webinar will detail...