Red Team Tools: Outflank Security Tooling

Powerful offensive security tools made by red teamers for red teams

Outflank Security Tooling (OST)

Outflank Security Tooling (OST) is a broad set of evasive red team tools that cover every significant step in the attacker kill chain, from initial breach to data exfiltration. OST tools are explicitly developed to bypass defensive measures and detection tools, creating authentic scenarios that simulate a real-world attack from an advanced threat actor or cybercrime group. In addition to effectively assessing an organization’s defenses, these offensive security tools also simplify red teaming, allowing users to easily perform complex tasks safely and without hassle.

An Advanced Toolset Created by Experienced Red Teamers

Over the years we have researched and developed powerful tools in pursuit of delivering superior red team services to our clients. While we have shared some of these tools with the security community at large, we deemed others too powerful for public release.

With OST, we have bundled some of our internal tools that we continue to use in our own engagements and offer them only to others providing high-end offensive security services like red teaming, adversary simulation, or advanced penetration testing services.

“Well-researched and robust, OST allows us to focus more on the strategic aspects of our operations rather than getting bogged down in endless coding.”

Wim V. Offensive Security Engineer, Vectra AI

Red Team Tools available in the OST Toolkit

In order to provide the most effective solution possible, the Outflank team is dedicated to regularly developing new tools. To complement the research and development from our own specialists, we also exclusively contract with external offensive security specialists to provide additional research and enhancements to our tools.

KerberosAsk

Perform Kerberos actions from a Beacon
Object File (BOF) using a custom ASN.1
decoding implementation.

Payload Generator

Create advanced payloads that enhance
antivirus evasion and detection strategies
using anti-forensic features. Watch a Short Demo Video

SharpFuscator: .Net Obfuscator

Make use of the many public red teaming
tools written in .Net with a Custom
.Net obfuscator. Watch a Short Demo Video

Hidden Desktop: Thick Client Intrusion

Covertly interact with a target’s desktop
including thick client applications without
impacting their user experience. Watch a Short Demo Video

Fake Ransom

Simulate an authentic ransomware attack
with a ransom notice that takes over the
screen, displaying file listings on the
target machine.

Stage 1: Pre-C2 Framework

Determine strategy prior to deploying C2
frameworks with an OPSEC-focused, pre-
C2 framework that allows for basic task and
safe reconnaissance. Watch a Short Demo Video

Lateral Pack: Lateral Movement
for EDR Evasion

Stay under the radar of EDR products when
moving lateral. This set of tools uses various
modern and unpublished techniques.

Language Panda

Change language forensics within a document
to make it appear as if it was created using an
Office installation from another country.

Stego Loader: Image Steganography Tool

Deploy steganography to deftly conceal
payloads in images.

Office Intrusion Pack

Create powerful VBA macros for your MS Office
phishing documents.

KernelKatz

Dump hashes of logged-in users by reading
LSASS memory through a kernel driver. Watch a Short Demo Video

DumpMstsc

Dump credentials that are stored in-memory
of running RDP client processes.

OST has a high pace of development, with an average release of one-two new tools per quarter as well as regular updates to enhance existing tools. A timeline of new tools and updates can be found here.

Tool Delivery & Support

Available via online portal and Slack

OST is accessible to users via an online portal that provides easy access, thorough technical and operational documentation, continuous updates, and new tool additions.

Tool support is given via Slack. The Outflank team monitors this private user community to provide support.

The team also uses this channel to regularly offer knowledge sharing sessions. Topics include quarterly updates, overview of current research projects, and broader discussions on relevant security topics. Past topics include: EDR evasion, Office security tradecraft, blue team activity tracking, and DLL hijacking. Users have exclusive access to these live sessions as well as their recordings.

OST is offered in a subscription model. Screening and export regulations rules apply.

Interoperability with Cobalt Strike

FortraOST was developed to work in tandem with Cobalt Strike, the well-established adversary simulation solution.  Cobalt Strike’s mature, adaptable C2 framework allows a red teamer to simulate the tactics and techniques of an advanced, embedded attacker. OST integrates directly with Cobalt Strike through BOFs and reflective DLL loading techniques, providing an OPSEC-safe way to efficiently perform highly technical and difficult post-exploitation tasks.

Red teams can now take full advantage of OST’s interoperability with Cobalt Strike using the Red Team Bundle, which combines these two security assessment solutions for a discounted price.

View the datasheet for more information.

Get Started

For more information about OST, you can view our datasheet here. Follow us on Twitter where we periodically illustrate some of our tools, or schedule a live demonstration.

View a series of short demo
videos showcasing our tools.

Receive a live demonstration of
Outflank Security Tooling.

Start the purchase process
by requesting a quote.

Other services

We provide you with the best experts and aim for the highest quality.

Training

Improve the skills and
knowledge of your
security team.

Red teaming and
attack simulation

Prepare your organisation
for real digital attacks.