Cobalt Strike and Outflank Security Tooling (OST) are two red teaming solutions that enable operators to execute the diverse and varied tasks that each engagement requires. Cobalt Strike provides post-exploitation capabilities through its Beacon payload and malleable C2 framework, while OST is a broad arsenal of offensive security tools that covers the full attack chain with emphasis on evasion techniques.
While both platforms operate as sophisticated standalone solutions, OST was developed to work in tandem with Cobalt Strike, extending the reach of both tools and enabling enhanced capabilities during operations.
Coordinating Red Teaming Tools for Advanced Engagements
Cobalt Strike’s highly flexible command and control directly integrates with OST’s end-to-end toolset through Beacon Object Files (BOFs) and reflective DLL loading techniques, adding functionality like:
- Session Management: Operators can leverage session passing between platforms, enabling seamless transitions between OST’s initial access tools and Cobalt Strike’s post-exploitation framework.
- Centralized Testing Environment: The combined architecture enables advanced post-exploitation tasks while maintaining operational security through tested and validated tool interactions.
- Cohesive Portfolio: Organizations improve efficiency not only with solution interoperability and centralization, but also by having a single point of contact for support of their offensive security strategy.
- Boosted Payloads: Red teams can simplify operations and augment Beacon payloads with OST’s customized User Defined Reflective Loaders (UDRLs) and sleep masks.
Evasive Red Teaming: Technical Use Cases
Combining OST and Cobalt Strike enables red teams to run advanced attack simulations designed to bypass defensive measures and detection tools with ease:
Advanced Payload Operations
Covert Initial Access
Enhanced Movement
Full System Access
Extended Capabilities
Additional Product Features
Empowering Operators with Cobalt Strike
Cobalt Strike enables security professionals to simulate the tactics and techniques of a long-term embedded attacker in an IT environment. Features include:
- Versatile Post-Exploitation: Beacon, Cobalt Strike’s signature payload, can be deployed to quickly expand access and maintain persistence by completing tasks like gathering information, executing commands, and deploying additional payloads.
- Flexible Framework: The malleable C2 framework allows operators to tailor engagements to suit each unique environment through C2 profiles, UDRLs, sleep mask kit, mutator kit, and more.
- Community-Driven Extensions: The Community Kit provides a curated repository of over 100 user-developed extensions, including custom BOFs, aggressor scripts, and post-exploitation modules.
Prioritizing Stealth with OST
OST is a toolkit for red teamers by red teamers, built for performing in mature and sensitive target environments to efficiently simulate techniques currently used by APTs and other cyber attackers. Features include:
- Attack Chain Coverage: Innovative research and a rapid development pace ensures operators are using cutting edge techniques, with over 30 purpose-built tools for initial access, lateral movement, privilege escalation, and exfiltration phases.
- Unique Evasion Tactics: OST tools prioritize advanced anti-forensic techniques and EDR bypass capabilities, including unpublished techniques to avoid detection.
- Advanced Tradecraft Education: Exclusive technical deep dives cover OFFSEC topics including EDR evasion methodologies, Windows Kernel Driver manipulation, Azure AD attack vectors through ROADtools, and Office Security.
Ready to Pair Cobalt Strike and OST?
Reach out to one of our experts for pricing information and to find out more about how our Red Team bundle offering will benefit your organization.