Speaker

Mattias Borg

Cybersecurity Researcher

Stockholm, Sweden

Cybersecurity Researcher, Penetration Tester, and Incident Response geek - short description "like to break stuff, and then fix it sometimes"
One of the persons in the duo DefenderBoys - Defenderboys.com

With a strong focus on threat hunting within the Microsoft security ecosystem, I specialize in uncovering vulnerabilities and empowering organizations to strengthen their defenses.

Experience & Achievements:
Recognized by Microsoft with Security Research Acknowledgements (2018, 2022, 2023) and credited for CVE-2022-26788.
Regularly conducting vulnerability research alongside delivering impactful results for clients.
Microsoft Security MVP in SIEM & XDR for 5 consecutive years

Voted best speaker at Live!360 2024
Voted best session at Live!360 2024

Speaking Engagements:
An experienced speaker at industry-leading events, including:

2024: KustoCon, Live!360, SANS CloudSecNext Summit, Teamsdagen, WPNinjas Summit, WP Ninjas UK
2023: Teamsdagen, Workplace Ninja Summit, Techorama, Nordic Virtual Summit
2022: Workplace Ninja Summit
2021: Workplace Ninja Summit, Nordic Virtual Summit
2020: Workplace Ninja Summit
Previous Highlights: SANS Threat Hunting & IR Summit, GRC, TechDays Sweden, Techorama BE, DefCon SE Village, SEC-T, and other community meet-ups.
Recognition:

Passionate advocate for #SOAR, #DFIR, and #ThreatHunting
Let’s collaborate to make cybersecurity stronger—#HappyHunting!

Area of Expertise

  • Information & Communications Technology

Topics

  • cyber security
  • Security Research
  • Microsoft MVP
  • Microsoft Defender XDR
  • Microsoft Defender for Endpoint

Most common misconfigurations identified during our Red Team engagements

Explore prevalent misconfigurations uncovered in red team engagements and learn how to mitigate them. Gain practical insights into identifying and addressing vulnerabilities to strengthen your organization's defenses against cyber threats.

This session offers valuable insights into fortifying your defenses against sophisticated adversaries.

Microsoft Defender XDR - Chief Defender

In this two-day training, we will go through Microsoft Defender XDR from a Security Analyst perspective.

We will cover the products included in Microsoft Defender XDR and how to work with them to respond to incidents. We will also go through how to perform Threat Hunting with Microsoft Defender XDR.

The two days will have a mix of lectures and hands-on work in the Defender Portal.

Kusto Maniacs - The ultimate Kusto session

Join us for an electrifying journey into the depths of Kusto Query Language (KQL) with 'Kusto Maniacs'!
In this exhilarating session, two seasoned KQL experts will push the boundaries of possibility as they unveil the untapped potential and hidden gems within this powerful query language.
Brace yourself for an immersive showcase of cutting-edge techniques, mind-bending queries, and ingenious solutions that will ignite your imagination and revolutionize your approach to data analysis. Whether you're a novice or a seasoned pro, prepare to be inspired, challenged, and awestruck by the sheer brilliance of KQL unleashed by the 'KQL Maniacs'!

Mastering Microsoft Defender XDR Configuration

Unlock the full potential of Microsoft Defender XDR with this engaging and hands-on session! Dive into the essentials of optimizing Defender XDR configuration, backed by real-world scenarios and expert insights. Learn not only what should be configured but also why it matters—delivered through demos and actionable takeaways. This session is packed with practical knowledge and a touch of fun to elevate your organization's threat detection and response capabilities.

M365 Defender - Custom detections everything you need to know

As cyber threats evolve in complexity and sophistication, organizations must fortify their defense mechanisms to safeguard their digital assets. Microsoft 365 Defender offers a comprehensive suite of tools designed to detect, investigate, and respond to modern cyber threats across multiple platforms.

This session will dive into the realm of custom detections within M365 Defender, providing attendees with a thorough understanding of how to tailor their defense strategies to their unique organizational needs. Participants will gain insights into leveraging custom detections effectively.

Improve your resilience with cybersecurity table-top exercises

This session will provide a comprehensive introduction to table-top cybersecurity exercises, focusing on their importance, design, and execution. Participants will gain insights into the benefits of conducting table-top exercises, including improved incident response readiness, enhanced communication and coordination among stakeholders, and identification of gaps in policies and procedures. Practical guidance will be provided on structuring exercises to align with organizational objectives, selecting relevant scenarios, and engaging participants effectively.

Improve Client Resilience with Defender Boys

Join the Defender Boys on a journey to enhance client resilience through the power of Microsoft Defender for Endpoint. From sniffing out misconfigurations to continuous hardening, this session has actionable insights and hands-on examples. Learn how to turn KQL queries into a configuration-fixing superpower, ensuring your endpoints are not just defended but resilient against the challenges of tomorrow.

Key Takeaways:
- Strategies to leverage Microsoft Defender for Endpoint for proactive measures against configuration errors and simplify the client hardening.
- Common configuration pitfalls and how to identify them.
- Practical steps to improve endpoint security posture and client resilience.

Taking your Kusto to the Next-Level

In this session we will dive into log parsing and custom logs in Microsoft Sentinel. We will also guide you through advanced Kusto queries with regex as an example.

Security Automation 2.0

What?! In this session, Martin and Mattias will go beyond everything normal and show you the biggest and craziest automation session ever.
They will use all kinds of public sources and smart object analysis to enrich the incident data and take proper actions.
This session will go beyond all expectations.

Key take-aways:
- Automation is not difficult, this is what you need
- Real use-cases as well as the crazy ones
- Step by step to get started

Security with Azure Sentinel - see what you didn't see before!

In this session you will learn what Azure Sentinel has to offer and how, with simple steps, you can get started detecting threats in your IT environment.

M365 Defender - Custom detections everything you need to know

In this session we will show you everything you need to know when building custom detections in Microsoft 365 Defender.
We will also walk you through several practical use cases everyone should have in their environment.

Improve security in Microsoft Teams with MDO support for Teams

Welcome to the session that shows how you can improve security in Microsoft Teams by using MDO support (Microsoft Defender for Office 365). MDO support is an integrated security solution that helps protect your organization and users from advanced threats and security risks in the Office 365 environment, including Teams.

During this hour, two of the country's sharpest Microsoft Security MVPs will present and help you explore the most important features of MDO support and how you can take advantage of them to create a more secure Microsoft Teams environment.

We will go through the following points:

1. What is MDO support and why is it important for Microsoft Teams?
- We will explain what MDO support is and why it is a crucial part of securing the Teams environment. We will discuss the unique threats that can affect Teams and how MDO support helps handle them.

2. Protect against malicious links and files in Teams chats and channels.
- We will take a closer look at how MDO support identifies and blocks malicious links and files that can circulate in Teams chats and channels. We will also discuss best practices for avoiding such threats.

3. Advanced automatic protection for Teams.
- MDO support offers comprehensive automatic protection that helps identify and block threatening and malicious messages before they reach users' Teams inboxes. We will explore these features and how they can strengthen security for your users.

4. Detect and respond to threats using security information and analytics.
- We will go through the various security information and analytics that MDO support provides for detecting and responding to threats against Teams. By understanding these tools, you can handle security incidents quickly and effectively.

5. Best practices for implementing MDO support for Teams.
- Finally, we will discuss best practices for implementing MDO support in your organization and integrating it into your existing security strategy for Teams. We will share useful tips and resources for getting started and maximizing the benefit of MDO support.

Reduce the Gap - Threat Hunting as a team

How do you work with threat hunting? What is your organization's threat hunting maturity level?
How can you improve?

In this session, we will go through a process of threat hunting, reactive and proactive, and how you integrate it with your response and analysis process to help you reduce the gap between hunters, analysts and responders and speed up post-breach investigations and remediations.

Key takeaways:
- Learn how to build a process with threat hunting
- Learn how to reduce the gap and improve the efficiency of hunting

Defender for Endpoint - Deep Dive

This session is a deep dive into Microsoft Defender for Endpoint with Advanced Threat Hunting, configuration pitfalls and much more.

What's new and how to deploy Defender for Endpoint for Servers Down-Level Agent

In this session we will walk through the features of the new Defender for Endpoint Down-Level Agent for 2012 R2 and 2016 server: new features, how to deploy, and how to transition from today's MMA-based agent.

Lessons learned from deploying at scale.

XDR - Microsoft 365 Defender

Microsoft 365 Defender provides XDR capabilities for your organization. But what does that really mean?
What are the components and how does it help you protect, detect and respond to threats?

In this session Mattias and Stefan will go through the capabilities, mapping them to the threat landscape, and share knowledge from the field.

Key takeaways:
- Learn the core of Microsoft 365 Defender
- Why do you need these capabilities to
- Real scenarios
- Notes from the field

Live response with Microsoft Defender for Endpoint

Many organizations are moving to the Microsoft Defender for Endpoint solution, but how should you work with the different features and capabilities?
In this session Mattias and Stefan will share how to extract forensic artefacts from an endpoint, respond to threats with the Live Response feature in Microsoft Defender for Endpoint, and use tools from the security community.

Detect and Respond with Microsoft 365

How can we detect incidents and, more importantly, how can we respond efficiently to the incidents that will occur once we get enhanced detection capabilities? In this session we will give you insights into an efficient Automated Security Incident Response Process.

Defender ATP - Hardcore Deep Dive

This session is a deep dive into Microsoft Defender ATP: Advanced Threat Hunting, Live response and services running on the client side.

How to build a Security Operations Center with Microsoft Technologies

In this session we will walk you through what capabilities you need and how you can use different Microsoft Technologies to build your Security Posture.

Take care of your Clients you don't WannaCry

In this session we will walk you through how to build a secure client that is resistant against modern threats. We will cover the security stack of a client, including Windows 10 Security Features and Windows Defender ATP.

From Code to Cash

In this session we will walk you through how hackers are exploiting companies and what you can do to stop them from being successful. We will walk you through one of the biggest cases, where 700 companies in Sweden were compromised by a group of hackers.

YellowHat Sessionize Event

March 2025 Amsterdam, The Netherlands

Experts Live Denmark 2025 Sessionize Event

March 2025 Copenhagen, Denmark

Nordic Virtual Summit User group Sessionize Event

February 2025

Live! 360 Tech Con Orlando 2024 Sessionize Event

November 2024 Orlando, Florida, United States

Workplace Ninja Summit 2024 Sessionize Event

September 2024 Luzern, Switzerland

Workplace Ninjas UK - Manchester! Sessionize Event

July 2024 Manchester, United Kingdom

Teamsdagen Hybrid Hösten 2023 Sessionize Event

October 2023 Stockholm, Sweden

Workplace Ninja Summit 2023 Sessionize Event

September 2023 Baden, Switzerland

Techorama 2023 Belgium Sessionize Event

May 2023 Antwerpen, Belgium

WorkPlace Ninja Summit 2022 Sessionize Event

September 2022 Luzern, Switzerland

WorkPlace Ninja Virtual Edition 2021 Sessionize Event

August 2021

Nordic Virtual Summit Sessionize Event

February 2021

Techorama 2020 BE Sessionize Event

May 2020 Antwerpen, Belgium

SANS Threat Hunting & IR Europe Summit & Training 2020

How to automate response with M365

January 2020 London, United Kingdom

Tech Days 2017

May 2019 Kista, Sweden

Microsoft TechDays 2018 Sessionize Event

October 2018 Kista, Sweden

Def Con 24

Social Engineering Village - Scam caller session

August 2016 Las Vegas, Nevada, United States
