Outflank Security Tooling (OST): Tool List  

The team at Outflank is always pushing boundaries with new tool development. By regularly adding new tools and updating existing tools, users can take advantage of the latest offensive capabilities to simulate more advanced and realistic attacks during red team engagements. This enables red teams to better prepare blue teams and deliver overall more thorough assessments.

Our toolset is constantly growing with over 30 tools at this moment. Though the following is a comprehensive list, we also recommend regularly checking out the release page for the most up-to-date information.

GETTING IN

Payload Generator

Create advanced payloads that enhance antivirus/EDR evasion and detection strategies using anti-forensic features.

Learn more>

Builder

Transform binary script based payloads such as HTA, VBScript, JScipt into different formats like ClickOnce to efficiently create sophisticated phishing samples.

Stego Loader

 Deploy payloads using steganography, just like real threat actors, including APT29 and APT32.


Intrusion Pack

Create powerful VBA macros for your MS Office phishing documents.

Language Panda

Change Office document metadata to make it appear as if it was created using an Office installation from another language.

MOVING LATERALLY

Outflank C2

An optimized, OPSEC focussed custom C2 framework with support for implants on Windows, macOS and Linux. Has support for proxing. Extendable using BOFs and python.

Learn more>

SCMUseKerberos

Bypass UAC or elevate local privileges with Kerberos tickets by changing the Service Control Manager (SCM).





Lateral Pack

Stay under the radar of EDR products when moving laterally. This set of tools uses various modern and unpublished techniques.




Sharpfuscator

Make use of the many public red teaming tools written in .Net with a custom .Net obfuscator.

Credential Pack

Extract and obtain credentials from Windows host in different ways, with and without touching LSASS.

DLL Hijack Library

Easier abuse of DLL hijack vulnerabilities to enable Local Privilege Escalation (LPE) attacks. 

ACTIONS ON OBJECTIVES

Hidden Desktop

Covertly interact with a target’s desktop including thick client applications without impacting their user experience.

Fake Ransom

Simulate an authentic ransomware attack with a ransom notice that takes over the screen, displaying file listings on the target machine.

BOFS AND MISCELLANEOUS

UntrustProcess

Downgrade the integrity level of a target PPL process to Untrusted.

O365 Extractor

Dump available O365 tokens stored for the current user by the Web Account Manager.

Ivanti Connect Secure PrivEsc

Exploit this VPN client to obtain elevated privileges.


PhisherPrice

Get help with Device Code Flow abuse without sending codes/QRs via email. Easily set up and host a phishing website, and easily receive auth tokens.

KerberosAsk

Perform Rubeus like Kerberos interaction but now in more OPSEC safe BOF format.



Coercer

Perform custom coerced authentication attacks.





KernelTool

Interact with a target’s kernel abusing a vulnerable kernel driver.




SideloadTrigger

Trigger a DLL sideload vulnerability in a common Windows service.




RPC & Registry Tradecraft

Utilize this library of miscellaneous scripts created by the Outflank team throughout their research  in Windows RPC and registry.

DumpMstsc

Dump credentials that are stored in-memory of running RDP client processes.

KernelKatz

Utilize Mimikatz like functionality by abusing a vulnerable kernel driver.

EvilClicky

Create ClickOnce payloads for initial execution to bypass SmartScreen controls.

Powershell Tradecraft

Get assistance with local and remote PowerShell execution with this collection of tools.

Keyper

Utilize this .Net keylogger with Outflank C2 (formerly Stage1), Cobalt Strike, or standalone.



COBALT STRIKE ENHANCEMENTS

Beacon Booster

Enhance evasion of Cobalt Strike beacons with customized UDRLs and Sleep Masks.

BeaconBot

Automate administrative tasks in Cobalt Strike with this CNA script.



SUPPORT


BlueCheck

Identify possible blue team activity during an engagement to maintain stealth and gain insights into defensive movements.



Get Started

For more information about OST, you can view our datasheet here. Follow us on Twitter where we periodically illustrate some of our tools, or schedule a live demonstration.

View a series of short demo
videos showcasing our tools.

Receive a live demonstration of
Outflank Security Tooling.

Start the purchase process
by requesting a quote.