Outflank B.V.'s Projects
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Situational Awareness commands implemented using Beacon Object Files
Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
LSASS memory dumper using direct system calls and API unhooking.
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
Exploits developped by Outflank B.V. team members
POC for Cobalt Strike external C2
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
A PowerShell script to parse the docx/docm file format and update the template location.
.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
Example DLL to load from Windows NetShell
Clean public password dump files and store in ELK
Presentation material presented by Outflank team members at public events.
Ps-Tools, an advanced process monitoring toolkit for offensive operations
Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Items related to the RedELK workshop given at security conferences
Serving files with conditions, serverside keying and more.
Small scripts that make life better
Tool to create hidden registry keys.
A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
PoC to demonstrate how CLR ETW events can be tampered.
Info related to the Outflank training: Microsoft Office Offensive Tradecraft
Modify managed functions from unmanaged code
A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.