Outflank Security Tooling (OST)

Engineered by expert red teamers, Outflank Security Tooling (OST) delivers a curated suite of offensive capabilities capable of challenging even the most hardened enterprise environments. Leveraging advanced techniques in payload generation, obfuscation, and process injection, OST facilitates the simulation of full-scale attacks, spanning initial compromise through data exfiltration. 

Prioritizing Stealth and Evasion

Quietly circumventing modern security controls and minimizing detection are crucial parts of successful red team engagements. OST tools are explicitly designed to bypass a range of defensive measures using: 

• Anti-Forensic Capabilities: PE Payload Generator incorporates anti-forensic features designed to evade endpoint detection and response (EDR) solutions and traditional antivirus software. 
• Advanced Payload Obfuscation: OST prioritizes obfuscation across its suite to maximize stealth. For example, Sharpfuscator employs techniques during C# compilation and Outflank C2 (formerly Stage1) further enhances stealth for other C2 framework payloads. 
• Proprietary Evasion Techniques: Ongoing research and development within the OST framework results in cutting-edge evasion techniques, giving users access to unique weaponization not yet deployed by other solutions. 

Ongoing Innovation Through Rapid R&D and Active User Community 

Through continuous R&D, Outflank ensures OST consistently incorporates new techniques and capabilities into the toolkit. This dynamic approach allows red teams to simulate modern, advanced attacks and bypass even the most recent security controls. 

OST also fosters an active and engaged user community, providing a private Slack channel for knowledge sharing, collaboration, and feedback. Community contributions, like the sharing of evasive configuration presets, provide a unique way for this user community to give one another additional advantages in their operations.  

Use Cases: A Multi-Phase Approach 

Covering every stage of the attack chain, OST enables red teams to conduct anything from focused tasks to end-to-end simulations: 

• Initial Compromise and Breaching Perimeter Defenses: Achieve initial access to the target network with macro-based Office exploits (Office Intrusion Pack) or steganographic payload delivery within image files (StegoLoader). 
• Quiet Reconnaissance: Deploy a low-profile C2 implant (Outflank C2) to gather basic system information, perform network discovery, and potentially monitor user activity to gain insights into the target. 
• Threat Simulation for Cloud Resources: Run a quick and easy phishing simulation for EntraID Device Codes ( PhisherPrice) or run offensive Intune operation (RoadTune). 
• Internal Operations and Expanding Control: Move within the network and escalate privileges with proprietary lateral movement techniques (Lateral Pack), credential extraction modules (Credential Pack), or DLL hijacking for privilege escalation (DLL Hijack Library). 
• Post-Exploitation Actions and Achieving Objectives: Perform actions on compromised systems to achieve campaign goals with minimal forensic footprint in remote desktop interaction, enabling access to applications, user data, and hardware tokens (HiddenDesktop). 
• Defensive Action Monitoring: Track and react to defensive measures with real-time alerting on Blue Team activity (BlueCheck). 

Layered Security with OffSec Interoperability  

Outflank is interoperable with multiple other red teaming tools to enable operational continuity for multi-stage engagements. Users can even create a structured testing methodology and consolidate vendors by bundling solutions.  

OST is also compatible with Fortra’s automated penetration testing solution, Core Impact. Just as with Cobalt Strike, Core Impact users can take advantage of OST’s Payload Generator to increase the evasiveness of their payloads. Additionally, OST’s Fake Ransom complements Core Impact’s ransomware simulator, enhancing its authenticity to better test incident response.