Outflank B.V.

Clear advice with a hacker mindset. Red Teaming - Digital Attack Simulation - Incident Detection and Response

Amsterdam, Netherlands, EU

Pinned Repositories

C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Language:C1.3k 20 2206
Dumpert
LSASS memory dumper using direct system calls and API unhooking.
Language:C1.5k 37 5248
EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Language:C#2.2k 89 46402
Invoke-ADLabDeployer
Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
Language:PowerShell493 28 072
PrintNightmare
Language:C344 12 269
Ps-Tools
Ps-Tools, an advanced process monitoring toolkit for offensive operations
Language:C356 22 184
Recon-AD
Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
Language:C++332 16 156
RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Language:Python2.5k 79 142387
SharpHide
Tool to create hidden registry keys.
Language:C#487 24 396
Spray-AD
A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
Language:C++441 16 154

Outflank B.V.'s Repositories

outflanknl/RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Language:Python2.5k 79 142387
outflanknl/EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Language:C#2.2k 89 46402
outflanknl/Dumpert
LSASS memory dumper using direct system calls and API unhooking.
Language:C1.5k 37 5248
outflanknl/C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Language:C1.3k 20 2206
outflanknl/SharpHide
Tool to create hidden registry keys.
Language:C#487 24 396
outflanknl/Spray-AD
A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
Language:C++441 16 154
outflanknl/Ps-Tools
Ps-Tools, an advanced process monitoring toolkit for offensive operations
Language:C356 22 184
outflanknl/PrintNightmare
Language:C344 12 269
outflanknl/Recon-AD
Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
Language:C++332 16 156
outflanknl/Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
Language:PowerShell323 27 073
outflanknl/InlineWhispers
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
Language:Assembly318 15 142
outflanknl/Scripts
Small scripts that make life better
Language:Python299 16 476
outflanknl/FindObjects-BOF
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
Language:C273 16 047
outflanknl/edr-internals
Tools for analyzing EDR agents
Language:C++249 11 124
outflanknl/Zipper
Zipper, a CobaltStrike file and folder compression utility.
Language:C224 12 149
outflanknl/WdToggle
A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
219 14 330
outflanknl/HelpColor
Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
210 11 034
outflanknl/Presentations
Presentation material presented by Outflank team members at public events.
190 22 034
outflanknl/TamperETW
PoC to demonstrate how CLR ETW events can be tampered.
Language:C190 13 031
outflanknl/Net-GPPPassword
.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
Language:C#176 11 038
outflanknl/external_c2
POC for Cobalt Strike external C2
Language:C138 7 130
outflanknl/macho-loader
Language:C++85 10 015
outflanknl/nix_bof_template
Beacon Object File (BOF) Template
Language:C556
outflanknl/Training-MSOfficeOffensiveTradecraft
Info related to the Outflank training: Microsoft Office Offensive Tradecraft
52 10 017
outflanknl/unmanaged-dotnet-patch
Modify managed functions from unmanaged code
Language:C++52 11 08
outflanknl/RedELK-workshop
Items related to the RedELK workshop given at security conferences
29 11 07
outflanknl/regcertipy
Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does
Language:Python283
outflanknl/RedFile
Serving files with conditions, serverside keying and more.
Language:Python18 6 15
outflanknl/Invoke-Templator
A PowerShell script to parse the docx/docm file format and update the template location.
Language:PowerShell17 6 07
outflanknl/CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
Language:C1 1 02