Melvin Langvik
Senior Security Consultant at TrustedSec
Actions
Melvin Langvik is an accomplished professional with a diverse background in technology. He started his career as a developer and integration consultant, where he gained practical experience in developing and distributing critical backend infrastructure for an international customer base.
Melvin's passion for cybersecurity later led him to transition into offensive security. Today, he works for TrustedSec, an internationally recognized security company. Melvin is a part of TrustedSec's targeted operations team, tasked with performing targeted cyber attacks against some of the most mature and often largest companies in the world.
HackGPT - Text assisted red teaming
Creative and innovative use of advanced language models like GPT-4 to assist in red team operations
The Step-by-step guide to pwning O365
In August 2022, I gave my presentation "Taking a dump in the cloud" at the world's largest security conference, DEF CON, in Las Vegas. The presentation was an introduction to the tool TeamFiltration, which was publicly launched on the same day. TeamFiltration is an open-source framework for attacking Microsoft O365 environments. In this presentation, we talked about typical attack flows using the tool, tips, tricks, and hidden undocumented features built into TeamFiltration. The presentation built on what was presented in Vegas but took it several steps further. If you own and/or regularly perform attacks against Microsoft O365, this is a presentation you definitely don't want to miss.
Red Team Chronicles: Blunders and Triumphs
I foredraget 'Red Team Chronicles: Blunders and Triumphs', tar vi et dypdykk inn i de klønete, men samtidig lærerike og ofte ufortalte hendelsene fra 'Red Team'-oppdrag. Her deler vi erfaringer og lærdommer, hentet fra oppturer og nedturer. Målet er å gi et unikt innblikk i strategier og taktikker som ofte anvendes, samt å inspirere til kontinuerlig forbedring og utvikling av deteksjonsevne. Forbered deg på en engasjerende blanding av lærerikt innhold, virkelige scenarioer, og underholdende historier!
Practical Post Exploitation - Office365 Edition
Bli med på en grundig utforskning av etterangrepsfasen i Microsoft Office 365. Vi skal diskutere tekniske teknikker og strategier, effekten av Enkeltpålogging (SSO), effektivt og automatisert datatyveri, samt hvilke verktøy angripere bruker. Foredraget vil være en konsis, praktisk og innsiktsfull gjennomgang av sikkerhetsutfordringene i Office 365.
Live podcast med O3 Cyber
Vi skal spille inn to live podcast episoder på sikkerhetsfestivalen (mikrobryggeriet) fra 09:00 til +/- 12:00.
Episode 1 - Cloud Security med Karim, Melvin og Olav
Tidspunkt: Omtrentlig 09:15 - 10:00
Innhold: Angrepsmetoder, trussellandskap, forsvar av skymiljøer
Episode 2 - Hvordan er det egentlig å starte opp et cyber security selskap?
Tidspunkt: Omtrentlig 10:15 - 11:00
Innhold: Vi forteller først kort om hvorfor vi valgte å starte O3 Cyber, hvordan reise har gått så langt, blemmer og utfordringer, samt resultater. Deretter åpner vi for spørsmål fra publikum som kan spørre om akkurat hva de vil, så svarer vi etter beste evne. Intensjonen er å gi innsikt til andre som selv kunne tenke seg å starte selskap, bli selvstendig konsulent, eller tilsvarende.
Totalt er det +/- 120 plasser, med følgende fordeling:
- 50 plasser i nær tilknytning til scenen
- 50 plasser litt lenger bak, men god lyd
- 20 plasser på siden av scenen med god lyd
For de som ønsker kan man kjøpe seg øl i baren i forkant og underveis.
How I Accidentally Helped Hack 80,000 EntraID Accounts
Back in 2022, I released TeamFiltration to help defenders test their Microsoft 365 security. In early 2025, Proofpoint and others reported that attackers had weaponized it in large-scale password-spraying campaigns, targeting over 80,000 Entra ID accounts worldwide. This talk dives into how my red-team tool was abused in the wild, why it became headline news across outlets like Proofpoint, The Hacker News, and SecurityWeek, and what the TeamFiltration saga reveals about the double-edged nature of open-source offensive tooling.
Evading Modern Defenses When Phishing with Pixels
Dive into the art of phishing with QR codes! We'll cover the fundamentals of QR code phishing, revealing how these innocuous-looking images are used to deceive users into a false sense of legitimacy. After touching upon the basics, we'll explore creative tactics for obfuscating and hiding QR codes to ensure they reach their intended targets. As a sidetrack, we'll delve into how emails are rendered within the Outlook Mail Application and showcase some neat tricks that exploit its limitations for hiding QR codes from modern defensive solutions. Overall, the talk is intended to help testers up their QR code phishing game!
Sikkerhetsfestivalen 2025 Sessionize Event
Sikkerhetsfestivalen 2024 Sessionize Event
Adversary Village at DEF CON 32 Sessionize Event
EUCtech Spring Sessionize Event
Sikkerhetsfestivalen 2023 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top