Oddvar Moe

Senior Security Consultant


Oddvar has worked in the IT industry since 1999. Initially, he began as a consultant, helping a variety of public and private clients to implement Microsoft technology, before he sharpened his focus on security in 2012 as a malware reverser at a Security Operations Center. Since 2013, Oddvar has worked as a dedicated penetration tester. Oddvar has also taught many different courses and has been a Microsoft Certified Trainer. Within Microsoft technologies, Oddvar has expertise in products such as Microsoft Advanced Threat Analytics, Windows Defender Advanced Threat Protection, AppLocker, System Center Configuration Manager, Microsoft Deployment Toolkit, Active Directory, Group Policy, Microsoft Exchange, Windows operating system, and Remote Desktop Services.

Education & Certifications

Microsoft MVP, GIAC GPEN, Microsoft Certified Professional, Microsoft Certified Technology Specialist, Microsoft Certified Solutions Associate, Microsoft Certified Systems Engineer, Microsoft Certified Systems Administrator

Industry Contributions

Oddvar is an active blogger and speaker. He has spoken at conferences such as DerbyCon, IT DEV Connections, HackCon, Nordic Infrastructure Conference, and Paranoia. Oddvar also started the LOLBAS project and maintains the Ultimate AppLocker bypass list. Oddvar loves to research stuff and he has uncovered many different persistence techniques, code execution techniques, UAC bypasses, and AWL bypasses—he was even acknowledged for the discovery of CVE-2017-8625. Oddvar has been awarded the Microsoft MVP award for Data Center Management in the specialties of Enterprise Security since 2016, due to his community contributions.

Passion for Security

Oddvar is a technically oriented person who has a burning passion for security.

Recent Blog Posts

Finding a Privilege Escalation in the Intel Trusted Connect Service Client

In this post, we will cover a privilege escalation that I found in the Intel Trusted Connect Service Client. The Connect Service Client is part of Intel Management Engine Components and is designed to permit a non-privileged user to become system. After communicating with Intel about the vulnerability, it was discovered that this was already...

Playing With Old Hacks

Recently, I was prepping for a session and wanted to show the old hack where you boot into a Windows setup using a USB stick and change out the utilman.exe with cmd.exe. Utilman.exe is the binary behind this icon here on the logon screen: [Figure 1 – Icon for Utilman.exe] First, follow these instructions to...

Discovering the Anti-Virus Signature and Bypassing It

In this post, I am going to go over how to find the specific Anti-Virus signature using manual testing and then show techniques that can be used to bypass them. I am a big fan of LOLBins so we are going to focus on the binary Regsvr32, which is a known binary that can be...

Recent Webinars

Unleashing the Power of AppLocker: How to Get Started and Go Beyond the Basics

Join Senior Security Consultant and Microsoft MVP Oddvar Moe in a two-part webinar series as he walks through how to get started with AppLocker, go beyond the standard setup, and effectively harden the Windows client configuration. The webinar will detail...
