Outflank Security Tooling (OST) is dedicated to staying up to date on the latest trends, threats, and techniques. With its innovative cloud delivery platform, OST is designed to maintain a steady development pace, with an average release of one-to-two new tools per quarter as well as regular updates to enhance existing tools. This timeline provides an up-to-date record of our ongoing advancements and includes not only new releases and updates, but also other activities that the research team engages in, such as knowledge sharing sessions that discuss tradecraft, evasion, and other relevant topics.
OST RELEASES
New Misc Tools, Relaying Research and Quality of Life Updates
EDR Evasion
-
Evasive features ported towards ShovelNG for lateral movement
-
Additions of new EDR presets
Stage1
-
Major performance enhancement of SOCKS
Misc Features and Updates
-
New Keylogger and capability for remote command execution over WSMan
-
Inclusion of new relaying research
-
Updates to several tools to support new Windows versions, features, bugfixes, etc
Schedule a demo to learn more >
Mega EDR Fine Tuning and Bypass Release
-
This release is the result of several man-months of research on stealthiness and evasion.
-
OST tools PE Payload Generator, Stage 1 C2, and Lateral Pack’s Shovel NG are now even better equipped to bypass major EDRs as a result of tweaked remote process injection techniques, smarter unhooking, and a new sleep mask.
Schedule a demo to learn more >
EDR Evasion, Tech Deep Dive, and Bugfix Release
-
EDR info has been extended and presets are now available for a total of six major EDRs.
-
A cheat sheet is now available for the “OPSEC tricks for attacking Azure AD with ROADtools” recording.
-
Numerous small bugfixes have been implemented.
Schedule a demo to learn more >
PowerShell Tradecraft and New OPSEC Features
Tool category: PowerShell Tradecraft
-
PSPipeJack: This new tool uses a novel lateral movement technique for abusing tricks in Powershell, bringing back PowerShell for red teamers. It can be used as dedicated tool, both in Stage 1 C2 or in Cobalt Strike.
-
PowerShell support has been added to Stage 1 C2 with obvious security bypasses.
Schedule a demo to learn more >
Tech Deep Dive and new EDR presets
Tech DeepDive Recording
-
Microsoft Office Offensive Tradecraft: A recording of a public office tradecraft training.
EDR Evasion / Payload generator & documentation
-
Two new PE Payload Generator EDR presets.
Schedule a demo to learn more >
Major Updates for EDR Evasion
Updates:
Tool category: EDR Evasion/Payload Generator/Documentation
• Payload Generator:Payload generator now provides guidance on configuration options for specific EDRs.
• Documentation enhanced with technical details on evasion, strategies and how to best use OST.
• Minor bugfixes for Stage 1 and EvilClicky
Schedule a demo to learn more >
Updates to Hidden Desktop and Stage 1
Updates:
Tool category: Out-phase/Exfiltration
• Hidden Desktop: Complete rewrite, BOF format and various new functionality
• New feature in Stage 1: Reverse Port Forwarding (Enabling hiddenDesktop via Stage1)
Schedule a demo to learn more >
New Exploit Release: Ivanti Secure Access VPN Client
Tool category: Privilege Escalation/Misc
• Added exploit for Ivanti Secure Access (previously Pulse Secure) VPN client (CVE-2023-35080) in Misc
Schedule a demo to learn more >
Updates to ShovelNG and Cloud OPSEC Session
Updates:
Tool Category: Lateral Movement
• Enhanced ShovelNG (lateral movement) for increased evasion/OPSEC
Knowledge Sharing:
Category: Cloud OPSEC
• Tech DeepDive Recording: OPSEC tricks for attacking Azure AD with ROADtools from Dirk-Jan Mollema
Schedule a demo to learn more >
Sleep Mask Additions & New C2 Tools
Tool category: Command & Control
• Stage 1 new configurable Sleep Masks
• Cobalt Strike Integrations update: New evasive Sleep Mask added
Updates:
• Outflank C2 Tool Collection updates including 3 new tools
• Extended support for arbitrary .NET projects
Schedule a demo to learn more >
New Tool Release: Cobalt Strike Integrations on Evasive Sleep Mask
New Tool Release: regcertipy & Updates to Kerneltool
Tool category: Internal Recon
• New tool release: regcertipy – identifying certificate templates via registry updates
Updates:
• Updated Kerneltool with additional supported kernel/OS versions
Schedule a demo to learn more >
Tech Deep Dive Videos for Stage 1 & Windows Kernel Drivers
Release type: Knowledge Sharing
• Added Tech Deep Dive video on Stage 1 automation
• Added Tech Deep Dive video on Windows Kernel Drivers
Schedule a demo to learn more >
Updates to PE Payload Generator & Cobalt Strike Integration UDRL
Release type: Updates
• PE Payload Generator now has a new loader with favorable OPSEC properties
• Cobalt Strike Integration UDRL added new loader, and added YARA bypass information
Schedule a demo to learn more >
Updates to PE Payload Generator, KernelTool & Kernelkatz
Release type: Updates
• PE Payload Generator now supports .node files
• KernelTool and Kernelkatz driver change after update of Microsoft Driver Block List
• KernelTool support for DSE disabling
• KernelKatz enhancements to dump plaintext WDigest Credentials and toggle WDigest support
Release type: Knowledge Sharing
• Added ClockOnce video to Tech DeepDive section
Schedule a demo to learn more >
New tool release: Stage1 v2.4.0
Tool category: Command & Control
• New tool release: Stage1 v2.4.0, brings SOCKS5 support as well as new features and User Experience Improvements
Schedule a demo to learn more >
New tool release: Cobalt Strike Integrations on UDRL
Tool category: Command & Control
• New tool release: Cobalt Strike Integrations on User Defined Reflective Loader
Schedule a demo to learn more >
Q2 2023 Update Review
Release type: Knowledge Sharing
• Q2 2023 update review, walkthrough of most important additions of OST updates in Q2 2023
Schedule a demo to learn more >
New Tool Release: EvilClicky – ClickOnce Payload Generator
New Tool Release: KernelKatz
Tool category: Credential dumping
• New tool release KernelKatz: a BOF for credential dumping via the kernel using a vulnerable krenel driver
Schedule a demo to learn more >
New Tool Release: DumpMstsc & Updates to KerberosAsk, KernelTool, ShovelNG
Tool category: Credential dumping
• New tool release DumpMstsc: a BOF to retrieve passwords from a running mstsc process
Updates:
• New UAC bypass functionality in KerberosAsk, code overhaul in KernelTool and added opsec features in ShovelNG (lateral movement pack)
Schedule a demo to learn more >
Updates to Stage 1 & Opsec/Evasion
Tool category: Command & Control
• Stage 1 new commands & opsec/evasion updates
Schedule a demo to learn more >
Session on EDR Evasion & Opsec
Release type: Knowledge Sharing
• Sharing: session on EDR Evasion & Opsec, recording is available in portal
Schedule a demo to learn more >
Q1 2023 Update Review
Release type: Knowledge Sharing
• Q1 2023 update review, walkthrough of most important additions of OST updates in Q1 2023
Schedule a demo to learn more >
New Tool Release: RPC and Registry Tradecraft
Tool category: Internal Recon
• New tool release RPC and Registry Tradecraft: collection of scripts related to RPC and Windows Registry trickery
Schedule a demo to learn more >
New Tool Release: SideloadTrigger & Updates to Payload Generator, KerberoasAsk
Tool category: Privilege Escalation
• New tool release SideloadTrigger: a BOF used for privesc abusing writeable paths
Updates:
• Payload Generator now has new loaders and ‘predefined payloads’
• KerberoasAsk support for pfx files, PasswordSpy
Schedule a demo to learn more >
Updates: Various cleanup and smaller bug fixed
New tool release: Stage1 v2.0.0
Tool category: Command & Control
• New tool release: Stage 1 v2.0.0, a major overhaull of the Stage1 C2 framework
Schedule a demo to learn more >
Session on latest research ‘The Registry Rundown for Red Teams’
Release type: Knowledge Sharing
• Session on latest research ‘The Registry Rundown for Red Teams’
Schedule a demo to learn more >
Updates to Payload Generator
Release type: Updates
• Payload Generator now also supports DripMemory & ROP Gadgets for EDR evasion
Schedule a demo to learn more >
New Tool Release: KernelTool & Updates to KerberosAsk
Tool category: Kernel Trickery
• New tool release KernelTool: EDR blinding by modifying precoss details abusing a vulnerable driver
Updates:
• KerberosAsk updates allowing for tgtdeleg and S4u
Schedule a demo to learn more >
ShovelNG (Lateral Pack) upgraded with new loaders
Release type: Updates
• ShovelNG (Lateral Pack) upgraded with new loaders