Outflank B.V.

Clear advice with a hacker mindset. Red Teaming - Digital Attack Simulation - Incident Detection and Response

Amsterdam, Netherlands, EU

Pinned Repositories

C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Language:C1.1k 18 2183
Dumpert
LSASS memory dumper using direct system calls and API unhooking.
Language:C1.4k 37 5240
EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Language:C#2.1k 90 46387
Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
Language:PowerShell321 28 075
Invoke-ADLabDeployer
Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
Language:PowerShell474 30 071
PrintNightmare
Language:C331 13 269
Ps-Tools
Ps-Tools, an advanced process monitoring toolkit for offensive operations
Language:C327 23 183
RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Language:Python2.3k 80 140363
SharpHide
Tool to create hidden registry keys.
Language:C#459 25 295
Spray-AD
A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
Language:C++416 17 154

Outflank B.V.'s Repositories

outflanknl/RedELK
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Language:Python2.3k 80 140363
outflanknl/EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Language:C#2.1k 90 46387
outflanknl/Dumpert
LSASS memory dumper using direct system calls and API unhooking.
Language:C1.4k 37 5240
outflanknl/C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Language:C1.1k 18 2183
outflanknl/Invoke-ADLabDeployer
Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
Language:PowerShell474 30 071
outflanknl/SharpHide
Tool to create hidden registry keys.
Language:C#459 25 295
outflanknl/Spray-AD
A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
Language:C++416 17 154
outflanknl/PrintNightmare
Language:C331 13 269
outflanknl/Ps-Tools
Ps-Tools, an advanced process monitoring toolkit for offensive operations
Language:C327 23 183
outflanknl/Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
Language:PowerShell321 28 075
outflanknl/Recon-AD
Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
Language:C++310 16 155
outflanknl/InlineWhispers
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
Language:Assembly298 16 141
outflanknl/Scripts
Small scripts that make life better
Language:JavaScript285 17 475
outflanknl/FindObjects-BOF
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
Language:C266 17 047
outflanknl/WdToggle
A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
213 15 331
outflanknl/Zipper
Zipper, a CobaltStrike file and folder compression utility.
Language:C188 13 148
outflanknl/TamperETW
PoC to demonstrate how CLR ETW events can be tampered.
Language:C187 13 033
outflanknl/HelpColor
Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
185 13 031
outflanknl/Presentations
Presentation material presented by Outflank team members at public events.
176 22 032
outflanknl/Net-GPPPassword
.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
Language:C#161 12 036
outflanknl/edr-internals
Tools for analyzing EDR agents
Language:C++13616
outflanknl/external_c2
POC for Cobalt Strike external C2
Language:C115 7 132
outflanknl/DoH_c2_Trigger
Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
Language:PowerShell54 8 020
outflanknl/unmanaged-dotnet-patch
Modify managed functions from unmanaged code
Language:C++498
outflanknl/Training-MSOfficeOffensiveTradecraft
Info related to the Outflank training: Microsoft Office Offensive Tradecraft
48 10 013
outflanknl/PasswordDump2ELK
Clean public password dump files and store in ELK
Language:Shell37 6 113
outflanknl/RedELK-workshop
Items related to the RedELK workshop given at security conferences
25 11 07
outflanknl/RedFile
Serving files with conditions, serverside keying and more.
Language:Python19 7 14
outflanknl/Invoke-Templator
A PowerShell script to parse the docx/docm file format and update the template location.
Language:PowerShell17 6 07
outflanknl/CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files
Language:C1 1 02