Skip to Main Content

Oddvar Moe

Principal Security Consultant

Oddvar Moe has worked in the IT industry since 1999. Initially, he began as a Microsoft consultant, helping a variety of public and private clients to implement Microsoft technology, before he sharpened his focused on security in 2012 as a malware reverser at a Security Operations Center. Since 2013, Oddvar has worked dedicatedly with offensive security either doing penetration tests or red teams. 

Oddvar has also taught many different courses and has been an active Microsoft Certified Trainer for many years. Within the setup of Microsoft technologies, Oddvar has expertise in products such as Advanced Threat Analytics, Windows Defender Advanced Threat Protection, AppLocker, System Center Configuration Manager, Deployment Toolkit, Active Directory, Group Policy, Exchange, Windows operating systems, and Remote Desktop Services. Oddvar currently works as a red teamer in the Targeted Operations Group at TrustedSec. While red teaming for Fortune 100 companies, Oddvar has gained a lot of experience from some of the most secure customers in the world. In total, he has more than 20 years of working experience in the IT industry and is passionate about Windows Security—so passionate, in fact, that Microsoft has awarded him the Most Valuable Professional Award for eight (8) years in row.


  • Microsoft MVP
  • GIAC Penetration Tester (GPEN)
  • Microsoft Certified Professional (MSCP)
  • Microsoft Certified Technology Specialist (MCTS)
  • Microsoft Certified Solutions Associate (MCSA)
  • Microsoft Certified Systems Engineer (MCSE)
  • Microsoft Certified Systems Administrator (MCSA)

As a speaker, Oddvar has delivered top-notch sessions at conferences such as DerbyCon, IT Dev Connections, Paranoia, MVP Day, HackCon, Microsoft Security Week, and the Nordic Infrastructure Conference.

Oddvar actively contributes to the security community and is most known for his contributions around the LOLBins/LOLBAS and the Ultimate AppLocker Bypasslist. He also loves to research stuff and has uncovered many different persistence and code execution techniques, UAC bypasses, and AWL bypasses over the years that have since been used by APT groups. Oddvar also has a few CVEs to his record, such as CVE-2017-8625 and CVE-2022-24696.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog September 05 2023

Creative Process Enumeration

Very often in engagements, you'll want to list out processes running on a host. One thing that is beneficial is to know is if the processes is a 64-bit or…

Read about this article
Blog March 17 2023

Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)

Threat Overview Earlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire…

Read about this article
Blog May 10 2022

Diving into Pre-Created Computer Accounts

I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of…

Read about this article
Blog March 11 2022

CVE-2022-24696 - Glance by Mirametrix Privilege Escalation

When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has…

Read about this article
Webinars February 12 2020

Unleashing the Power of AppLocker: How to Get Started and Go Beyond the Basics

Join Senior Security Consultant and Microsoft MVP Oddvar Moe in a two-part webinar series as he walks through how to get started with AppLocker, go beyond the…

Read about this article
Training Resources May 02 2024

Actionable Purple Team Simulation Online Training (May 2-3)

Learn how to create specific detections to identify early Indicators of Compromise (IOCs) in our online course. Designed for those looking to improve their…

Read about this article
Events Kennedy Space Center, Florida | April 10 2024

Hack Space Con 2024

Founder and CEO David Kennedy is the keynote speaker at this year's Hack Space Con! We are also proud to sponsor this event.

Read about this article
Webinars March 06 2024

Ask Me Anything: Securing Defense Contracts Through CMMC Compliance

Join Chris Camejo, Practice Lead, Advisory's Compliance Services, and Rick Yocum, Managing Director of Advisory Services, for an ‘Ask Me Anything’ discussion…

Read about this article
News March 01 2024

Forbes - How This Professional Hacker Built Two Cybersecurity Firms In His 30s

David Kennedy, the CEO and founder of TrustedSec, joins Rosemarie Miller on "New Money" to discuss his pivot from being in the U.S. marines to becoming a…

Read about this article
News February 28 2024

WWL First News - A cyberattack has disrupted prescription drug orders around the country

Advisory Solutions Director Alex Hamerstone spoke with WWL New Orleans about the recent cyberattack that disrupted prescription drug orders around the country.

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.