Lars Karlslund is a pragmatic cyber security specialist with 11+ years of hands-on experience helping large Danish organisations reduce real-world cyber risk across IT and OT environments. He blends offensive thinking with engineering craft—building tools like Adalanche and LDAPnomnom to visualise Active Directory attack paths and perform high-speed AD testing, while also delivering bespoke security assessments and remediation guidance. A freelance-minded "security-minded octopus," he moves comfortably from SOC engineering and Elastic stacks to PowerShell builds and Go backend development. His work often focuses on identity and configuration weaknesses that attackers exploit, and he ships automation to make complex AD analysis actionable. Based in Denmark, he balances consulting engagements with ongoing open-source contributions, demonstrating both technical depth and a penchant for finding the holes in the cheese.
11 years of coding experience
23 years of employment as a software developer
Odder Gymnasium
Datamatiker, Datamatiker at Aarhus Business College
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
Role in this project:
Backend Developer
Contributions:4 releases, 460 commits, 5 PRs in 2 years 3 months
Contributions summary:Lars worked on the "adalanche" repository, which is an Attack Graph Visualizer and Explorer for Active Directory. The commits show work on graph layouts and object exploration, suggesting development of the visualization aspects of the project. Furthermore, the user added license information and made adjustments to the code's output, refactoring and potentially improving the core functionalities related to active directory analysis.
Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
Role in this project:
Back-end & DevOps Engineer
Contributions:25 commits, 3 PRs, 40 pushes in 3 months
Contributions summary:Lars primarily contributed to the build and deployment processes of the LDAPnomnom tool. They implemented a PowerShell build script (`build.ps1`) to create executables for multiple operating systems and architectures. The user also added features like multi-server support and evasion techniques such as throttling and connection limits to improve the tool's functionality and robustness. Furthermore, the user upgraded the LDAP module and added the capability to dump RootDSE attributes as JSON.
bruteforceranonymouslycontrollerssecurityldap
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Lars Karlslund - Cyber Security Specialist at NetSection Security