Outflank Security Tooling
OST is a powerful toolbox made by red teamers for red teams
Outflank Security Tooling (OST) is a broad set of tools created by the red teaming specialists at Outflank. For years we have researched and developed powerful tools. Some of these tools we have shared with the public. Several others are too powerful for public release.
With OST, we bundle our internal tools and make these available as a service to others providing high-end offensive security services: red teaming, adversary simulation or advanced penetration testing services.
These tools allow you to simulate similar techniques to what some APTs and Organized Crime Groups apply but are not available in public tools. They also help all your team members to easily perform deep-technical and difficult tasks without hassle, with a guaranteed level and OPSEC safe. OST tools are explicitly developed to bypass defensive measures and detection tools.
OST will make your offensive security team perform more efficient.
We regularly run public session during which we do a 75 minute explanation of the toolkit and demonstration of some of the tools in the kit. Our next demo sessions are scheduled for:
June 20th, 2022 - 16:00 (CET)
Please reach out to firstname.lastname@example.org to receive an invitation for a demo session.
OST benefits for your red team
Using the OST service has several benefits for your offensive team, including:
- Save time and money: OST is continuously updated with new offensive Techniques and Procedures by a team of hackers and developers. This saves you significant time developing and maintaining a full internal toolkit.
- Become smarter: We hire some of the smartest people in the industry. They spend much time on research & development. We put this into a readily available toolkit. This means your team can quickly upgrade their knowledge, technology and operations. Supported with extensive documentation, your team will know exactly what the tools do.
- Increase fire power on full kill chain: Smaller teams can punch above their weight by leveraging external development power. Our toolkit provides your team with shortcuts for hard stages like initial access, EDR evasion and OPSEC-safe lateral movement. OST includes techniques that have not yet been published or weaponized by other red teams.
- Use quality tools: The toolkit is also used by Outflank specialists. This means OST is built for performing in mature and sensitive target environments.
A selection of the tools
The toolset is under continuous development. Currently there are 10 tools, including (but there is more!):
- Payload generator: Generate advanced and unique payloads. This tool contains a multitude of OPSEC and anti-forensic features to help you evade antivirus and EDR products. Easy to use for all your team members.
- Office Intrusion Pack: Use high quality offensive macros for phishing with MS Office documents. This tool is built on our latest research and contains various non-public techniques to succeed in establishing initial access.
- Stego loader: Hide your payloads in pictures using steganography. Just like some of the well-known APT groups do (e.g. APT29 and Turla).
- Lateral pack: Stay under the radar of EDR products when moving lateral. This set of tools uses various modern and unpublished techniques.
- Stage 1: Our pre-C2 toolkit. Perform OPSEC safe actions such as recon. Make an informed decision before increasing your footprint and smuggle full C2 frameworks such as Cobalt Strike, Mythic or Covenant past antivirus and EDR products.
- HiddenDesktop: Hidden interaction with your target’s desktop. It’s like magic. You can move the mouse and open GUI applications on a hidden desktop on the target machine. Don’t be fooled, this is so much more than VNC or RDP. The user can continue working. He has no indication of your presence. Perfect for post-exploitation actions on objectives, such as gaining access to a fat client payment application.
Available via an online portal and Slack
OST is accessible to your team members via an online portal. This is the preferred way for modern teams. It allows for easy access, continuous updates and immediate upgrades.
The portal includes full documentation on the tools. From concept to technical and operational details. We make sure that your team knows what the tools do under the hood.
Tool support is given via Slack. The Outflank team members themselves are available for questions. The Slack channel is also the best way to discuss development ideas and other additions to OST.
Fixed yearly license fee for your offensive security team
OST is offered in a subscription model. A single license grants access for an entire offensive security team. A 12-month license is priced at € 45k. This includes tool support and free updates during the license period.
In case your team is over 10 people in size, or is geographically dispersed, please contact us for a tailor-made price.
Screening and export regulations rules may apply.
Get specialist advice on-board.
Red teaming and attack simulation
Prepare your organisation for real digital attacks.