Cobalt Strike and Outflank Security Tooling (OST) are two elite red teaming solutions ideal for assessing the security posture of an organization by deploying sophisticated adversary simulations.  

Cobalt Strike is a threat emulation tool that provides a post-exploitation agent and covert channels, replicating the tactics and techniques of an advanced adversary in a network. OST is a curated set of offensive security tools that covers every step in the attacker kill chain. Though both solutions work well independently, OST was developed to work in tandem with Cobalt Strike, extending its reach and empowering red team operators for increased efficiency. 

Cobalt Strike and OST can be bundled together for a reduced price, enabling organizations to benefit from red teaming tools that seamlessly integrate with one another. This overview provides details on the key functionalities of each of these solutions and how they can be used together to amplify your red teaming efforts. 

Cobalt Strike

Cobalt Strike enables security professionals to simulate the tactics and techniques of a stealthy long-term embedded attacker in an IT environment. Red teams can launch targeted attacks using Beacon, Cobalt Strike’s post-exploitation payload, which can execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads.  

Additionally, Cobalt Strike has a malleable command and control framework that can be modified with custom scripts, adjustable attack kits, and the Community Kit with user-created extensions. For example, new post-exploitation features can be added through the creation of a Beacon Object File (BOF), a compiled C program that can be executed within a Beacon process and use internal Beacon APIs.

OST

OST is a toolkit for red teamers by red teamers, built for performing in mature and sensitive target environments to efficiently simulate techniques currently used by APTs and other cyber attackers. OST’s toolkit has coverage for every aspect of an engagement, with tools for initial breach, lateral movement, privilege escalation, achieving persistence, and final exfiltration.

OST tools specialize in evasion, helping red teamers stay under the radar. For example, tools like Payload Generator deploy anti-forensic features to help evade antivirus and EDR solutions. OST tools also utilize techniques that have not yet been published or weaponized by solutions or services.   

Evasive Red Teaming: Use Cases

Combining OST and Cobalt Strike enables red teams to run advanced attack simulations designed to bypass defensive measures and detection tools with ease. Outflank’s expert red teamers regularly develop new tooling for OST to ensure it keeps up with attack methodology seen in the wild.

The following use cases show how users can take advantage of the Red Team Bundle:

Payload Generator is used for creating stealthy payloads equipped with anti-forensics and other obfuscation methods for tasks like phishing, privilege escalation, or lateral movement. Users with the Red Team Bundle can export Cobalt Strike payloads through this tool to enrich the evasiveness of the payload.

Outflank C2 (formerly Stage 1) is a lightweight C2 framework focused on OPSEC safety and is ideal for performing reconnaissance and gaining an initial foothold while staying under the radar of antivirus and EDR software. Session passing capabilities enable users to begin an engagement in Outflank C2 and quietly transition to Cobalt Strike for post-exploitation activities.

ShovelNG is a lateral movement toolkit for remote code execution that incorporates specialized techniques for moving undetected throughout the targeted environment. Implemented through BOFs, this tool is easily integrated into Cobalt Strike.

Hidden Desktop enables a full, non-intrusive takeover of the desktop of a target user, including use of applications and hardware tokens. This custom implementation of “Hidden VNC” can be deployed through Cobalt Strike, all without the user knowing what is happening.

OST offers multiple BOF capabilities for extending Cobalt Strike, including Kerberos interaction, novel coercion techniques, O365 token extraction, and more.

Perform Kerberos actions from a Beacon Object File (BOF) using a custom ASN.1 decoding implementation.

Ready to Pair Cobalt Strike and OST?

Reach out to one of our experts for pricing information and to find out more about how our Red Team bundle offering will benefit your organization.