Author Archives: Marc Smeets

Our reasoning for Outflank Security Tooling

TLDR: We open up our internal toolkit commercially to other red teams. This post explains why. Is blue catching your offensive actions? Are you relying on public or even commercial tools, but are these flagged by AV and EDR? Hesitant about investing deeply in offensive research and development? We’ve been there. But several years ago, […]

RedELK Part 3 – Achieving operational oversight

This is part 3 of a multipart blog series on RedELK: Outflank’s open sourced tooling that acts as a red team’s SIEM and helps with overall improved oversight during red team operations. In part 1 of this blog series I discussed the core concepts of RedELK and why you should want a tool like this. In part 2 […]

RedELK Part 2 – getting you up and running

This is part 2 of a multipart blog series on RedELK: Outflank’s open sourced tooling that acts as a red team’s SIEM and also helps with overall improved oversight during red team operations. In part 1 of this blog series I have discussed the core concepts of RedELK and why you should want something like […]

Introducing RedELK – Part 1: why we need it

This multi-part blog post is about a tool we released: RedELK. In a few words you can describe it as a “Red Team’s SIEM”, although it actually does a few more things to ease the life of red teams. We released it right after our talk at BruCON 2018, and you may have already seen […]

Automated AD and Windows test lab deployments with Invoke-ADLabDeployer

We are happy to introduce Invoke-ADLabDeployer: a PowerShell project that helps you to quickly deploy a virtual test environment with Windows servers, Windows desktops, Office, Active Directory and a networking setup with multiple broadcast segments, all running on your local Hyper-V environment. It is an in-house developed tool that we use heavily during our red […]