The outsider perspective

Most of today's breaches are from outsider threats. They gain access to company networks, elevate their privileges, and achieve their objectives, causing financial losses and operational impact. These outsider threats do not know their target's network well, but they have their tools and expertise to quickly analyze and exploit weaknesses in it. Outsiders don't concern themselves with policies, internal politics and known insecure legacy systems that are on the planning to be phased out. They look at the technical state of the security and use the weakest link to get to their objectives. Outsider Security aims to find these weaknesses before threat actors do. We use our offensive knowledge, research and experience to analyze networks, organizations and cloud infrastructure, using our Outsider perspective to offer security advice that matters.


The person behind Outsider Security is Dirk-jan Mollema. Dirk-jan started in offensive security over 6 years ago and has executed many complex offensive projects for smaller and larger organizations worldwide. He is driven by a passion for security and wants to understand how systems work, and how to make them do things that are not supposed to happen. This has resulted in many research projects and tools which were published on his site and on several public conferences. In his research he found and disclosed various critical vulnerabilities in Active Directory, Microsoft Windows, Azure AD and other products.



Outsider Security focusses on security of medium to large enterprises, both in the cloud and on-premise. If you have an interesting security challenge that does not fall inside one of the pillars below, do not hesitate to reach out.


Active Directory Security

Breaching and giving actionable advice for securing Active Directory based networks, through an internal network pentest or an offensive security focused review.

Azure, Microsoft Entra & Microsoft 365
Analyzing cloud and hybrid setups, reviewing conditional access policies and securing Azure infrastructure. Outsider Security has an extensive expertise on the Microsoft cloud through our research, especially on identity focussed areas.


Specialized pentests
Do you have a complex network setup, a non-standard threat model or other special product in need of a security test? Let us know!
On-site training courses on Entra ID (Azure AD) and hybrid Active Directory security. Check the training page for more information.