Outflank Security Tooling (OST) is dedicated to staying up to date on the latest trends, threats, and techniques. With its innovative cloud delivery platform, OST is designed to maintain a steady development pace, with an average release of one-to-two new tools per quarter as well as regular updates to enhance existing tools. This timeline provides an up-to-date record of our ongoing advancements and includes not only new releases and updates, but also other activities that the research team engages in, such as knowledge sharing sessions that discuss tradecraft, evasion, and other relevant topics.
OST RELEASES
New Tool Release: Cobalt Strike Integrations on Evasive Sleep Mask
Schedule a demo to learn more >
New Tool Release: regcertipy & Updates to Kerneltool
Tool category: Internal Recon
• New tool release: regcertipy – identifying certificate templates via registry updates
Updates:
• Updated Kerneltool with additional supported kernel/OS versions
Schedule a demo to learn more >
Tech Deep Dive Videos for Stage 1 & Windows Kernel Drivers
Release type: Knowledge Sharing
• Added Tech Deep Dive video on Stage 1 automation
• Added Tech Deep Dive video on Windows Kernel Drivers
Schedule a demo to learn more >
Updates to PE Payload Generator & Cobalt Strike Integration UDRL
Release type: Updates
• PE Payload Generator now has a new loader with favorable OPSEC properties
• Cobalt Strike Integration UDRL added new loader, and added YARA bypass information
Schedule a demo to learn more >
Updates to PE Payload Generator, KernelTool & Kernelkatz
Release type: Updates
• PE Payload Generator now supports .node files
• KernelTool and Kernelkatz driver change after update of Microsoft Driver Block List
• KernelTool support for DSE disabling
• KernelKatz enhancements to dump plaintext WDigest Credentials and toggle WDigest support
Release type: Knowledge Sharing
• Added ClockOnce video to Tech DeepDive section
Schedule a demo to learn more >
New tool release: Stage1 v2.4.0
Tool category: Command & Control
• New tool release: Stage1 v2.4.0, brings SOCKS5 support as well as new features and User Experience Improvements
Schedule a demo to learn more >
New tool release: Cobalt Strike Integrations on UDRL
Tool category: Command & Control
• New tool release: Cobalt Strike Integrations on User Defined Reflective Loader
Schedule a demo to learn more >
Q2 2023 Update Review
Release type: Knowledge Sharing
• Q2 2023 update review, walkthrough of most important additions of OST updates in Q2 2023
Schedule a demo to learn more >
New Tool Release: EvilClicky – ClickOnce Payload Generator
New Tool Release: KernelKatz
Tool category: Credential dumping
• New tool release KernelKatz: a BOF for credential dumping via the kernel using a vulnerable krenel driver
Schedule a demo to learn more >
New Tool Release: DumpMstsc & Updates to KerberosAsk, KernelTool, ShovelNG
Tool category: Credential dumping
• New tool release DumpMstsc: a BOF to retrieve passwords from a running mstsc process
Updates:
• New UAC bypass functionality in KerberosAsk, code overhaul in KernelTool and added opsec features in ShovelNG (lateral movement pack)
Schedule a demo to learn more >
Updates to Stage 1 & Opsec/Evasion
Tool category: Command & Control
• Stage 1 new commands & opsec/evasion updates
Schedule a demo to learn more >
Session on EDR Evasion & Opsec
Release type: Knowledge Sharing
• Sharing: session on EDR Evasion & Opsec, recording is available in portal
Schedule a demo to learn more >
Q1 2023 Update Review
Release type: Knowledge Sharing
• Q1 2023 update review, walkthrough of most important additions of OST updates in Q1 2023
Schedule a demo to learn more >
New Tool Release: RPC and Registry Tradecraft
Tool category: Internal Recon
• New tool release RPC and Registry Tradecraft: collection of scripts related to RPC and Windows Registry trickery
Schedule a demo to learn more >
New Tool Release: SideloadTrigger & Updates to Payload Generator, KerberoasAsk
Tool category: Privilege Escalation
• New tool release SideloadTrigger: a BOF used for privesc abusing writeable paths
Updates:
• Payload Generator now has new loaders and ‘predefined payloads’
• KerberoasAsk support for pfx files, PasswordSpy
Schedule a demo to learn more >
Updates: Various cleanup and smaller bug fixed
New tool release: Stage1 v2.0.0
Tool category: Command & Control
• New tool release: Stage 1 v2.0.0, a major overhaull of the Stage1 C2 framework
Schedule a demo to learn more >
Session on latest research ‘The Registry Rundown for Red Teams’
Release type: Knowledge Sharing
• Session on latest research ‘The Registry Rundown for Red Teams’
Schedule a demo to learn more >
Updates to Payload Generator
Release type: Updates
• Payload Generator now also supports DripMemory & ROP Gadgets for EDR evasion
Schedule a demo to learn more >
New Tool Release: KernelTool & Updates to KerberosAsk
Tool category: Kernel Trickery
• New tool release KernelTool: EDR blinding by modifying precoss details abusing a vulnerable driver
Updates:
• KerberosAsk updates allowing for tgtdeleg and S4u
Schedule a demo to learn more >
ShovelNG (Lateral Pack) upgraded with new loaders
Release type: Updates
• ShovelNG (Lateral Pack) upgraded with new loaders