Outflank Security Tooling (OST)

NOTE:

This is a condensed version of the release notes. Full technical release notes with bug fixes and under-the-hood enhancements are available to OST customers via the portal.

September

11 September 2024
EarlyCascade Injection in Payload Generator
  • Added a novel injection technique called 'EarlyCascade'.
  • Added 'freeze' as a new process creation method.
  • New 'Embed in section' option.
  • Relative local paths are now supported.
Updates
  • Bugfixes in Payload Generator, Outflank C2 (formerly Stage1), and in the OST portal.

August

19 August 2024
something here
BeaconBooster CS 4.10 Compatibility
  • Updated Beacon Booster's Sleep Masks for compatibility with the new version of Cobalt Strike.
  • Added address spoofing for Beacon Gate.

July

17 July 2024
New Tool Release: PhisherPrice
  • This new tool adds to OST capabilities for attacking EntraID device code flow.
Updates
  • Bugfixes in KerberosAsk
  • Various infrastructure changes
3 July 2024
Evasion
  • Windows defender sandbox detection for Cobalt Strike and Stage1 C2.

Stage 1 C2
  • Update for KernelCallbackTables injection and Module Stomping.

  • Bugfix in webportal.

June 2024

25 June 2024
Payload Generator
  • 4 new EDR presets (community contributions)
Stage 1 C2
  • Bugfix
8 June 2024
Updates
  • New CreateService BOF for creating, stopping, and deleting services.
  • Updated various tools like WdToggle and In-phase builder.

May 2024

24 May 2024
Initial Access
  • New tool release: In-Phase Builder (BETA) is a new tool for generating initial access payloads in different formats optimized for OPSEC.
8 May 2024
Command and Control
  • Low level SpawnAs implementation based on novel research, which also serves as a UAC bypass at Stage 1.
Updates
  • Enhanced OPSEC on PE Payload Generator, Stage1, and ShovelNG: evading EDR emulation.

  • Under the hood quality of life improvements and bug fixes.

April 2024

11 April 2024
EDR evasion
  • Ported evasive features towards ShovelNG (Lateral movement) and addition of new EDR presets
Command & Control
  • Major performance enhancement of Socks.
Updates
  • New tool release: a Keylogger and capability for remote command execution over WSMan.
  • Added a new relaying research.
  • Updates to various Misc tools to support new Windows versions, features, bugfixes etc.

March 2024

20 March 2024
EDR Evasion
  • This release is the result of several man-months of research on stealthiness and evasion.
  • Due to tweaked remote process injection techniques, smarter unhooking and a new sleep mask, OST tools PE Payload Generator, Stage 1 C2 and Lateral Pack's Shovel NG are now even better equipped to bypass major EDRs.
7 March 2024
EDR evasion
  • Extended EDR info and presets for now a total of 6 major EDRs.
  • Added the cheat sheet of the 'OPSEC tricks for attacking Azure AD with ROADtools' recording.
Updates
  • Under the hood improvements and bug fixes.

February 2024

19 February 2024
PowerShell Tradecraft and new OPSEC features:
  • PSPipeJack: a new tool using a novel lateral movement technique abusing tricks in PowerShell that brings back PowerShell for red teamers. Can be used as dedicate tool, in Stage 1 C2 or in Cobalt Strike
  • PowerShell support in Stage 1 C2 with obvious security bypasses

January 2024

31 January 2024
Tech DeepDive Recording
  • Microsoft Office Offensive Tradecraft: A recording of a public office tradecraft training.
EDR Evasion / Payload generator & documentation
  • Two new PE Payload Generator EDR presets.
17 January 2024
EDR Evasion / Payload generator & documentation
  • Payload generator provides guidance on configuration options for specific EDRs.
  • Documentation enhanced with technical details on evasion, strategies and how to best use OST.
Updates:
  • Minor bugfixes for Stage1 & EvilClicky.

December 2023

20 December 2023
Out-phase/Exfiltration
  • HiddenDesktop v2: Complete rewrite, BOF format and various new functionality
  • New feature in Stage 1: Reverse Port Forwarding (Enabling hiddenDesktop via Stage1)
11 Decmber 2023
Misc / Privilege Escalation
  • Added exploit for Ivanti Secure Access (previously Pulse Secure) VPN client (CVE-2023-35080) in Misc

November 2023

29 November 2023
Lateral movement & Cloud
  • Enhanced ShovelNG (lateral movement) for increased evasion/opsec
  • Tech DeepDive Recording: OPSEC tricks for attacking Azure AD with ROADtools from Dirk-Jan Mollema.
8 November 2023
Command & Control
  • Stage 1 new configurable Sleep Masks
  • Cobalt Strike Integrations update: New evasive Sleep Mask added
Updates
  • Outflank C2 Tool Collection updates including 3 new tools

  • Extended support for arbitrary .NET projects

October 2023

10 October 2023
Command & Control
  • New Tool Release: Cobalt Strike Integrations on Evasive Sleep Mask
3 October 2023
Internal Recon
  • New tool release: regcertipy - identifying certificate templates via registry Updates
  • Updated Kerneltool with additional supported kernel/OS versions

September 2023

6 September 2023
Knowledge Sharing
  • Added Tech Deep Dive video on Stage 1 automation
  • Added Tech Deep Dive video on Windows Kernel Drivers

August 2023

16 August 2023
Updates
  • PE Payload Generator now has a new loader with favorable OPSEC properties
  • Cobalt Strike Integration UDRL added new loader, and added YARA bypass information

July 2023

26 July 2023
Updates
  • PE Payload Generator now supports .node files
  • KernelTool and Kernelkatz driver change after update of Microsoft Driver Block List
  • kernelTool support for DSE disabling
  • KernelKatz enhancements to dump plaintext WDigest Credentials and toggle WDigest support
Knowledge Sharing
  • added ClockOnce video to Tech DeepDive section
19 July 2023
Command & Control
  • New tool release: Stage1 v2.4.0, brings SOCKS5 support as well as new features and User Experience Improvements
5 July 2023
Command & Control
  • New tool release: Cobalt Strike Integrations on User Defined Reflective Loader

June 2023

26 June 2023
Knowledge Sharing
  • Q2 2023 update review, walkthrough of most important additions of OST updates in Q2 2023
21 June 2023
Initial Access
  • New tool release EvilClicky: ClickOnce payload generator

May 2023

10 May 2023
Credential dumping
  • New tool release KernelKatz: a BOF for credential dumping via the kernel using a vulnerable krenel driver

April 2023

26 April 2023
Credential Dumping
  • New tool release DumpMstsc: a BOF to retrieve passwords from a running mstsc process
26 April 2023
Updates
  • New UAC bypass functionality in KerberosAsk, code overhaul in KernelTool and added opsec features in ShovelNG (lateral movement pack)
12 April 2023
Command & Control
  • Stage 1 new commands & opsec/evasion updates
06 April 2023
Knowledge Sharing
  • Sharing: session on EDR Evasion & Opsec, recording is available in portal

March 2023

16 March 2023
Knowledge Sharing
  • Q1 2023 update review, walkthrough of most important additions of OST updates in Q1 2023
12 March 2023
Internal Recon
  • New tool release RPC and Registry Tradecraft: collection of scripts related to RPC and Windows Registry trickery
07 March 2023
Updates
  • Payload Generator now has new loaders and 'predefined payloads'
07 March 2023
Updates
  • KerberoasAsk support for pfx files, PasswordSpy
07 March 2023
Privilege Escalation
  • New tool release SideloadTrigger: a BOF used for privesc abusing writeable paths
01 March 2023
Updates
  • Various cleanup and smaller bugfixed

February 2023

16 February 2023
Command & Control
  • New tool release: Stage1 v2.0.0, a major overhaull of the Stage1 C2 framework
09 February 2023
Knowledge Sharing
  • Session on latest research 'The Registry Rundown for Red Teams'
01 February 2023
Updates
  • Payload Generator now also supports DripMemory & ROP Gadgets fore EDR evasion

January 2023

18 January 2023
Kernel Trickery
  • New tool release KernelTool: EDR blinding by modifying precoss details abusing a vulnerable driver driver
18 January 2023
Updates
  • KerberosAsk updates allowing for tgtdeleg and S4u
09 January 2023
Updates
  • ShovelNG (Lateral Pack) upgraded with new loaders

 

Back to Outflank Products