Outflank B.V.

Repositories

• RedELK

  Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

  security elasticsearch kibana logstash monitoring siem elastic
  Python BSD-3-Clause 258 1,516 21 (4 issues need help) 0 Updated May 9, 2021

• EvilClippy

  A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

  excel word malware vba ms-office macro pcode
  C# GPL-3.0 275 1,285 5 1 Updated Feb 3, 2021

• InlineWhispers

  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
  Assembly 15 142 0 0 Updated Jan 13, 2021

• FindObjects-BOF

  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
  C 16 109 0 0 Updated Jan 11, 2021

• Dumpert

  LSASS memory dumper using direct system calls and API unhooking.
  C 156 679 3 1 Updated Jan 5, 2021

• WdToggle

  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
  C++ 18 141 2 0 Updated Dec 25, 2020

• Ps-Tools

  Ps-Tools, an advanced process monitoring toolkit for offensive operations
  C 66 253 0 0 Updated Dec 1, 2020

• RedFile

  Serving files with conditions, serverside keying and more.
  Python BSD-3-Clause 1 9 1 0 Updated Nov 23, 2020

• Presentations

  Presentation material presented by Outflank team members at public events.
  27 114 0 0 Updated Jun 5, 2020

• TamperETW

  PoC to demonstrate how CLR ETW events can be tampered.
  C 19 112 0 0 Updated Mar 26, 2020

• Spray-AD

  A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
  C++ 41 284 1 0 Updated Feb 23, 2020

• Scripts

  Small scripts that make life better
  JavaScript 68 242 2 0 Updated Jan 27, 2020

• Zipper

  Zipper, a CobaltStrike file and folder compression utility.
  C 45 150 1 0 Updated Jan 18, 2020

• Net-GPPPassword

  .NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
  C# 28 108 0 0 Updated Dec 18, 2019

• SharpHide

  Tool to create hidden registry keys.
  C# 63 286 0 0 Updated Oct 23, 2019

• Recon-AD

  Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
  C++ 40 234 1 0 Updated Oct 20, 2019

• Invoke-Templator

  A PowerShell script to parse the docx/docm file format and update the template location.
  PowerShell 6 14 0 0 Updated Oct 15, 2019

• Excel4-DCOM

  PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
  PowerShell 73 288 0 0 Updated Mar 26, 2019

• Invoke-ADLabDeployer

  Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  PowerShell BSD-3-Clause 66 411 0 0 Updated Feb 16, 2019

• DoH_c2_Trigger

  Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
  PowerShell 19 49 0 0 Updated Oct 25, 2018

• PasswordDump2ELK

  Clean public password dump files and store in ELK
  Shell 13 33 0 0 Updated Jan 24, 2018

• external_c2

  POC for Cobalt Strike external C2
  C 31 84 0 0 Updated Sep 17, 2017

• Exploits

  Exploits developped by Outflank B.V. team members
  Python 5 11 0 0 Updated Jan 26, 2017

• NetshHelperBeacon

  Example DLL to load from Windows NetShell
  C++ 31 111 0 0 Updated Sep 26, 2016