MCTTP – Munich Cyber Tactics Techniques and Procedures

Oddvar Moe

Principal Security Consultant at aTrustedSec. Microsoft Security MVP, @Oddvarmoe

Oddvar is a Principal Security Consultant working as a Red Teamer in the Targeted Operations Group at TrustedSec. Working with Red Teaming towards Fortune 100 companies Oddvar has gained a lot of experience from some of the most secure customers in the world. He has more than 20 years of working experience in the IT industry and is passionate about Windows Security, so passionate that Microsoft has awarded him the Most Valuable Professional Award 8 years in row.

As a speaker he has delivered top notch sessions at conferences such as DerbyCon, IT Dev Connections, Paranoia, HackCon, Microsoft Security Week, MVP Dagen and Nordic Infrastructure Conference. He also actively contributes to the security community and he is most known for his contributions around the LOLBins/LOLBAS and the Ultimate AppLocker Bypasslist.

He has also discovered several weaknesses (CVE) in the Windows operating system and found several new persistence techniques that has since then been used by APT groups. Oddvar also actively blogs about techniques and release tools to the community.

Talks & Q&A

Conference | Sep 19

TTP Treasure Hunt: Mining VXUG for Red Team Tactics

Practical takeaways for turning malware research into red team wins.

Description

Malware authors and red teams share a common goal: bypassing defenses to achieve their objectives. Sites like vx-underground offer a treasure trove of malware source code, samples, and papers that reveal the latest TTPs used by real-world bad guys. In this talk, we’ll explore how red teams can mine these resources to enhance their own adversary emulation playbooks. From persistence to evasion, we’ll break down key findings from recent vx-underground papers, demonstrate their applicability in modern red teams, and discuss how these insights can challenge defense teams. Expect practical takeaways, maybe a demo or two, and a roadmap for turning malware research into red team wins—without needing a PhD in reverse engineering.

Why the committee chose this talk

Every security research can be used in a malicious way. Lets find out some new ideas.