Skip to content

@outflanknl Outflank B.V.

Change the repository type filter

All

    Repositories list

    34 repositories

    • RedELK

      Public
      Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
      securityelasticsearchkibanalogstashmonitoringsiemelasticred-teaming
      Python
      BSD 3-Clause "New" or "Revised" License
      3702.4k273Updated Sep 10, 2024Sep 10, 2024

    • macho-loader

      Public
      C++
      85600Updated Sep 5, 2024Sep 5, 2024

    • linux_bof_template

      Public
      ELF Beacon Object File (BOF) Template
      C
      Apache License 2.0
      23200Updated Aug 15, 2024Aug 15, 2024

    • Presentations

      Public
      Presentation material presented by Outflank team members at public events.
      3417800Updated Jun 16, 2024Jun 16, 2024

    • edr-internals

      Public
      Tools for analyzing EDR agents
      C++
      GNU General Public License v3.0
      2020800Updated Jun 10, 2024Jun 10, 2024

    • Training-MSOfficeOffensiveTradecraft

      Public
      Info related to the Outflank training: Microsoft Office Offensive Tradecraft
      145100Updated May 16, 2024May 16, 2024

    • HelpColor

      Public
      Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
      BSD 3-Clause "New" or "Revised" License
      3218900Updated Mar 18, 2024Mar 18, 2024

    • unmanaged-dotnet-patch

      Public
      Modify managed functions from unmanaged code
      C++
      MIT License
      84900Updated Feb 1, 2024Feb 1, 2024

    • EvilClippy

      Public
      A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
      excelwordmalwarepcodestompingvbams-officemacro
      C#
      GNU General Public License v3.0
      3942.1k183Updated Dec 27, 2023Dec 27, 2023

    • C2-Tool-Collection

      Public
      A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
      C
      1951.1k12Updated Oct 27, 2023Oct 27, 2023

    • RedELK-workshop

      Public
      Items related to the RedELK workshop given at security conferences
      72700Updated Sep 28, 2023Sep 28, 2023

    • FindObjects-BOF

      Public
      A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
      4726601Updated May 3, 2023May 3, 2023

    • WdToggle

      Public
      A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
      3121331Updated May 3, 2023May 3, 2023

    • CS-Situational-Awareness-BOF

      Public
      Situational Awareness commands implemented using Beacon Object Files
      C
      GNU General Public License v2.0
      217100Updated Jan 27, 2023Jan 27, 2023

    • RedFile

      Public
      Serving files with conditions, serverside keying and more.
      Python
      BSD 3-Clause "New" or "Revised" License
      41810Updated May 26, 2022May 26, 2022

    • Spray-AD

      Public
      A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
      C++
      5542412Updated Apr 1, 2022Apr 1, 2022

    • InlineWhispers

      Public
      Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
      Assembly
      4130810Updated Nov 9, 2021Nov 9, 2021

    • PrintNightmare

      Public
      C
      6933220Updated Sep 13, 2021Sep 13, 2021

    • external_c2

      Public
      POC for Cobalt Strike external C2
      C
      3412100Updated Sep 6, 2021Sep 6, 2021

    • Dumpert

      Public
      LSASS memory dumper using direct system calls and API unhooking.
      C
      2431.5k51Updated Jan 5, 2021Jan 5, 2021

    • Ps-Tools

      Public
      Ps-Tools, an advanced process monitoring toolkit for offensive operations
      C
      8332900Updated Dec 1, 2020Dec 1, 2020

    • TamperETW

      Public
      PoC to demonstrate how CLR ETW events can be tampered.
      C
      3318500Updated Mar 26, 2020Mar 26, 2020

    • Scripts

      Public
      Small scripts that make life better
      JavaScript
      7529040Updated Jan 27, 2020Jan 27, 2020

    • Zipper

      Public
      Zipper, a CobaltStrike file and folder compression utility.
      C
      4818910Updated Jan 18, 2020Jan 18, 2020

    • Net-GPPPassword

      Public
      .NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
      C#
      3616500Updated Dec 18, 2019Dec 18, 2019

    • SharpHide

      Public
      Tool to create hidden registry keys.
      C#
      9446520Updated Oct 23, 2019Oct 23, 2019

    • Recon-AD

      Public
      Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
      C++
      5531610Updated Oct 20, 2019Oct 20, 2019

    • Invoke-Templator

      Public
      A PowerShell script to parse the docx/docm file format and update the template location.
      PowerShell
      71700Updated Oct 15, 2019Oct 15, 2019

    • Excel4-DCOM

      Public
      PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
      PowerShell
      7432100Updated Mar 26, 2019Mar 26, 2019

    • Invoke-ADLabDeployer

      Public
      Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
      PowerShell
      BSD 3-Clause "New" or "Revised" License
      7247900Updated Feb 16, 2019Feb 16, 2019