Outflank Security Tooling

OST is a powerful toolbox made by red teamers for red teams

Outflank Security Tooling (OST) is a broad set of tools created by the red teaming specialists at Outflank. For years we have researched and developed powerful tools. Some of these tools we have shared with the public. Several others are too powerful for public release.

With OST, we bundle our internal tools and make these available as a service to others providing high-end offensive security services: red teaming, adversary simulation or advanced penetration testing services.

These tools allow you to simulate similar techniques to what some APTs and Organized Crime Groups apply but are not available in public tools. They also help all your team members to easily perform deep-technical and difficult tasks without hassle, with a guaranteed level and OPSEC safe. OST tools are explicitly developed to bypass defensive measures and detection tools.

OST will make your offensive security team perform more efficient.

Read our blog post on the OST release here.

Demo session

We perform demo sessions on request. Please complete this form to express your interest in such a demo session and we will schedule a session with your team.

OST benefits for your red team

Using the OST service has several benefits for your offensive team, including:

  1. Save time and money: OST is continuously updated with new offensive Techniques and Procedures by a team of hackers and developers. This saves you significant time developing and maintaining a full internal toolkit.
  2. Become smarter: We hire some of the smartest people in the industry. They spend much time on research & development. We put this into a readily available toolkit. This means your team can quickly upgrade their knowledge, technology and operations. Supported with extensive documentation, your team will know exactly what the tools do.
  3. Increase fire power on full kill chain: Smaller teams can punch above their weight by leveraging external development power. Our toolkit provides your team with shortcuts for hard stages like initial access, EDR evasion and OPSEC-safe lateral movement. OST includes techniques that have not yet been published or weaponized by other red teams.
  4. Use quality tools: The toolkit is also used by Outflank specialists. This means OST is built for performing in mature and sensitive target environments.

A selection of the tools

The toolset is under continuous development. Currently there are 10 tools, including (but there is more!):

  • Payload generator: Generate advanced and unique payloads. This tool contains a multitude of OPSEC and anti-forensic features to help you evade antivirus and EDR products. Easy to use for all your team members.
  • Office Intrusion Pack: Use high quality offensive macros for phishing with MS Office documents. This tool is built on our latest research and contains various non-public techniques to succeed in establishing initial access.
  • Stego loader: Hide your payloads in pictures using steganography. Just like some of the well-known APT groups do (e.g. APT29 and Turla).
  • Lateral pack: Stay under the radar of EDR products when moving lateral. This set of tools uses various modern and unpublished techniques.
  • Stage 1: Our pre-C2 toolkit. Perform OPSEC safe actions such as recon. Make an informed decision before increasing your footprint and smuggle full C2 frameworks such as Cobalt Strike, Mythic or Covenant past antivirus and EDR products.
  • HiddenDesktop: Hidden interaction with your target’s desktop. It’s like magic. You can move the mouse and open GUI applications on a hidden desktop on the target machine. Don’t be fooled, this is so much more than VNC or RDP. The user can continue working. He has no indication of your presence. Perfect for post-exploitation actions on objectives, such as gaining access to a fat client payment application.

Available via an online portal and Slack

OST is accessible to your team members via an online portal. This is the preferred way for modern teams. It allows for easy access, continuous updates and immediate upgrades.

The portal includes full documentation on the tools. From concept to technical and operational details. We make sure that your team knows what the tools do under the hood.

Tool support is given via Slack. The Outflank team members themselves are available for questions. The Slack channel is also the best way to discuss development ideas and other additions to OST.

More info and contact

OST is offered in a subscription model. Screening and export regulations rules may apply.

For more information you can download our product sheet here, check our tweets where we periodically illustrate some of our tools, or contact us directly at ost@outflank.nl for more information.

Run better red team operations with our toolkit

Reach out to us

Other services

We provide you with the best experts and aim for the highest quality.

Strategic threat information

Learn about the latest attacker tactics, techniques and procedures applicable to your organization.


Improve the skills and knowledge of your security team.