Tradecraft

In order for InfoSec to thrive, sharing knowledge is paramount. As proud members of this community, we have prioritized giving back to the InfoSec community at large since Outflank was first established in 2016. From the outset, we’ve maintained a blog that provides unique and helpful techniques that other red teamers can use in their own engagements.

Members of our specialized team of security experts regularly share research findings with the security community during conferences, including Black Hat, DefCon, x33fcon, DerbyCon, BruCon, and Troopers. Our active Github site houses pdfs of these presentations, along with multiple free tools and other resources.

While we remain committed to routinely sharing insight and information with the InfoSec community, we have also created an exclusive educational component of Outflank Security Tooling (OST). We understand red teamers not only need just tools but also knowledge. In such a fast-paced landscape, providing opportunities for continuing education enables us to share fresh and useful intel, ensuring that our users stay well-informed and ahead of the curve.

OST Knowledge Sharing Sessions

Users of our evasive red team toolset, OST, get access to exclusive content that we share through the user portal. These technical deep dives play a critical role in empowering our users to maximize their engagements and ensure they are using OST to its full potential. The sessions provide valuable information gained from current research projects, expert insights on relevant security topics, and new techniques and tricks to use in future red team engagements. While these sessions may include how to effectively use relevant tooling within OST, they also provide broader information and advice in order to generally elevate operations.

These sessions are recorded and available to users at any time through our OST portal.

A selection of past topics:

• EDR Tradecraft – the team went into the approach, documentation and implementation of the EDR specific knowledge in OST, EDR presets in Payload Generator and the sharing of these by the OST community
• MS Office Offensive Tradecraft – Discusses Microsoft Office security controls and recent developments such as Mark-of-the-Web in detail and demonstrates how offensive techniques can be applied during red teaming operations. Initially a public training course that registered over 1000 participants in a matter of hours, only OST users have access to the recording.
• Attacking Azure– Guest speaker Dirk Jan Mollema shares OPSEC tricks and private tradecraft for Azure AD attacks.
• Stage1 Automation – Overview of how to use the built-in Jupyter notebooks interface in OST’s C2 framework Stage 1 to easily create automations that control your implants.
• Windows Kernel Drivers – A walkthrough of Windows Kernel functionality and how red teamers can abuse it.
• ClickOnce – A demonstration of ClickOnce applications and how they can be compromised to provide initial access.
• EDR and Evasion – An in-depth discussion on the latest advancements in EDRs and how red teamers can bypass them.

Periodic Updates

In addition to these sessions, we record exclusive periodic update videos for our customers, which provide a valuable window into the team’s ongoing efforts. In these sessions, we go in-depth into the latest tool releases, product improvements, and discuss upcoming features. These updates also include Q&A sessions with the the Outflank team with the aim of keeping customers well-informed on the state of OST and providing additional opportunities for users to fully understand the benefits of our toolset. Additionally, by providing video updates, our users not only get written documentation on new and updated tooling, they can see them in action for a visual learning experience.

Documentation

Extensive documentation is also available through the user portal. This documentation not only goes in-depth on how to use the tools effectively, it also provides details on how the tools work on a technical level. By giving a look on how OST works, users can gain a deeper comprehension of the OPSEC aspects of each tool and better understand how it interacts with target environments. This allows operators to use OST more deliberately and effectively throughout their engagements.