Outflank Security Tooling (OST)

NOTE:

This is a condensed version of the release notes. Full technical release notes with bug fixes and under-the-hood enhancements are available to OST customers via the portal.

May 2024

8 May 2024

Command and Control

Low level SpawnAs implementation based on novel research, which also serves as a UAC bypass at Stage 1.

Updates

Enhanced OPSEC on PE Payload Generator, Stage1, and ShovelNG: evading EDR emulation.
Under the hood quality of life improvements and bug fixes.

April 2024

11 April 2024

EDR evasion

Ported evasive features towards ShovelNG (Lateral movement) and addition of new EDR presets

Command & Control

Major performance enhancement of Socks.

Updates

New tool release: a Keylogger and capability for remote command execution over WSMan.
Added a new relaying research.
Updates to various Misc tools to support new Windows versions, features, bugfixes etc.

March 2024

20 March 2024

EDR Evasion

This release is the result of several man-months of research on stealthiness and evasion.
Due to tweaked remote process injection techniques, smarter unhooking and a new sleep mask, OST tools PE Payload Generator, Stage 1 C2 and Lateral Pack's Shovel NG are now even better equipped to bypass major EDRs.

7 March 2024

EDR evasion

Extended EDR info and presets for now a total of 6 major EDRs.
Added the cheat sheet of the 'OPSEC tricks for attacking Azure AD with ROADtools' recording.

Updates

Under the hood improvements and bug fixes.

February 2024

19 February 2024

PowerShell Tradecraft and new OPSEC features:

PSPipeJack: a new tool using a novel lateral movement technique abusing tricks in PowerShell that brings back PowerShell for red teamers. Can be used as dedicate tool, in Stage 1 C2 or in Cobalt Strike
PowerShell support in Stage 1 C2 with obvious security bypasses

January 2024

31 January 2024

Tech DeepDive Recording

Microsoft Office Offensive Tradecraft: A recording of a public office tradecraft training.

EDR Evasion / Payload generator & documentation

Two new PE Payload Generator EDR presets.

17 January 2024

EDR Evasion / Payload generator & documentation

Payload generator provides guidance on configuration options for specific EDRs.
Documentation enhanced with technical details on evasion, strategies and how to best use OST.

Updates:

Minor bugfixes for Stage1 & EvilClicky.

December 2023

20 December 2023

Out-phase/Exfiltration

HiddenDesktop v2: Complete rewrite, BOF format and various new functionality
New feature in Stage 1: Reverse Port Forwarding (Enabling hiddenDesktop via Stage1)

11 Decmber 2023

Misc / Privilege Escalation

Added exploit for Ivanti Secure Access (previously Pulse Secure) VPN client (CVE-2023-35080) in Misc

November 2023

29 November 2023

Lateral movement & Cloud

Enhanced ShovelNG (lateral movement) for increased evasion/opsec
Tech DeepDive Recording: OPSEC tricks for attacking Azure AD with ROADtools from Dirk-Jan Mollema.

8 November 2023

Command & Control

Stage 1 new configurable Sleep Masks
Cobalt Strike Integrations update: New evasive Sleep Mask added

Updates

Outflank C2 Tool Collection updates including 3 new tools
Extended support for arbitrary .NET projects

October 2023

10 October 2023

Command & Control

New Tool Release: Cobalt Strike Integrations on Evasive Sleep Mask

3 October 2023

Internal Recon

New tool release: regcertipy - identifying certificate templates via registry Updates
Updated Kerneltool with additional supported kernel/OS versions

September 2023

6 September 2023

Knowledge Sharing

Added Tech Deep Dive video on Stage 1 automation
Added Tech Deep Dive video on Windows Kernel Drivers

August 2023

16 August 2023

Updates

PE Payload Generator now has a new loader with favorable OPSEC properties
Cobalt Strike Integration UDRL added new loader, and added YARA bypass information

July 2023

26 July 2023

Updates

PE Payload Generator now supports .node files
KernelTool and Kernelkatz driver change after update of Microsoft Driver Block List
kernelTool support for DSE disabling
KernelKatz enhancements to dump plaintext WDigest Credentials and toggle WDigest support

Knowledge Sharing

added ClockOnce video to Tech DeepDive section

19 July 2023

Command & Control

New tool release: Stage1 v2.4.0, brings SOCKS5 support as well as new features and User Experience Improvements

5 July 2023

Command & Control

New tool release: Cobalt Strike Integrations on User Defined Reflective Loader

June 2023

26 June 2023

Knowledge Sharing

Q2 2023 update review, walkthrough of most important additions of OST updates in Q2 2023

21 June 2023

Initial Access

New tool release EvilClicky: ClickOnce payload generator

May 2023

10 May 2023

Credential dumping

New tool release KernelKatz: a BOF for credential dumping via the kernel using a vulnerable krenel driver

April 2023

26 April 2023

Credential Dumping

New tool release DumpMstsc: a BOF to retrieve passwords from a running mstsc process

26 April 2023

Updates

New UAC bypass functionality in KerberosAsk, code overhaul in KernelTool and added opsec features in ShovelNG (lateral movement pack)

12 April 2023

Command & Control

Stage 1 new commands & opsec/evasion updates

06 April 2023

Knowledge Sharing

Sharing: session on EDR Evasion & Opsec, recording is available in portal

March 2023

16 March 2023

Knowledge Sharing

Q1 2023 update review, walkthrough of most important additions of OST updates in Q1 2023

12 March 2023

Internal Recon

New tool release RPC and Registry Tradecraft: collection of scripts related to RPC and Windows Registry trickery

07 March 2023

Updates

Payload Generator now has new loaders and 'predefined payloads'

07 March 2023

Updates

KerberoasAsk support for pfx files, PasswordSpy

07 March 2023

Privilege Escalation

New tool release SideloadTrigger: a BOF used for privesc abusing writeable paths

01 March 2023

Updates

Various cleanup and smaller bugfixed

February 2023

16 February 2023

Command & Control

New tool release: Stage1 v2.0.0, a major overhaull of the Stage1 C2 framework

09 February 2023

Knowledge Sharing

Session on latest research 'The Registry Rundown for Red Teams'

01 February 2023

Updates

Payload Generator now also supports DripMemory & ROP Gadgets fore EDR evasion

January 2023

18 January 2023

Kernel Trickery

New tool release KernelTool: EDR blinding by modifying precoss details abusing a vulnerable driver driver

18 January 2023

Updates

KerberosAsk updates allowing for tgtdeleg and S4u

09 January 2023

Updates

ShovelNG (Lateral Pack) upgraded with new loaders

Back to Outflank Products

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
Last Published: 202405150100