OST - Outflank Security Tooling Datasheet

Evasive Attack Simulation

Engineered by expert red teamers, Outflank Security Tooling (OST) delivers a curated suite of offensive capabilities capable of challenging even the most hardened enterprise environments. 

Leveraging advanced techniques in payload generation, obfuscation, and process injection, OST facilitates the simulation of full-scale attacks, spanning initial compromise through data exfiltration. 

Prioritizing Stealth and Evasion 

Quietly circumventing modern security controls and minimizing detection are crucial parts of successful red team engagements. OST tools are explicitly designed to bypass a range of defensive measures using: 

  • Anti-Forensic Capabilities: PE Payload Generator incorporates anti-forensic features designed to evade endpoint detection and response (EDR) solutions and traditional antivirus software.
  • Advanced Payload Obfuscation: OST prioritizes obfuscation across its suite to maximize stealth. For example, Sharpfuscator employs techniques during C# compilation and Outflank C2 (formerly Stage1) further enhances stealth for other C2 framework payloads.
  • Proprietary Evasion Techniques: Ongoing research and development within the OST framework results in cutting-edge evasion techniques, giving users access to unique weaponization not yet deployed by other solutions. 
PRODUCT SUMMARY

Key Features

  • A broad set of tools for red teams
  • Focus on antivirus and EDR evasion
  • Integrations with other red teaming solutions
  • Tools for every phase of the attack chain
  • Full documentation within application portal
  • Access to the private OST Slack community 

Technical Specifications

  • Cloud delivered platform
  • Web browser interface
  • Locally downloaded payloads

Ongoing Innovation Through Rapid R&D and Active User Community 

Text

Through continuous R&D, Outflank ensures OST consistently incorporates new techniques and capabilities into the toolkit. This dynamic approach allows red teams to simulate modern, advanced attacks and bypass even the most recent security controls.

OST also fosters an active and engaged user community, providing a private Slack channel for knowledge sharing, collaboration, and feedback. Community contributions, like the sharing of evasive configuration presets, provide a unique way for this user community to give one another additional advantages in their operations.  

Use Cases: A Multi-Phase Approach 

Covering every stage of the attack chain, OST enables red teams to conduct anything from focused tasks to end-to-end simulations: 

Initial Compromise and Breaching Perimeter Defenses
Quiet Reconnaissance
Threat Simulation for Cloud Resources
Internal Operations and Expanding Control
Post-Exploitation Actions and Achieving Objectives
Defensive Action Monitoring

Layered Security with OffSec Interoperability

Text

Outflank is interoperable with multiple other red teaming tools to enable operational continuity for multi-stage engagements. Users can even create a structured testing methodology and consolidate vendors by bundling solutions.

Red Teaming Tools 

OST was developed to work in tandem with and extend Fortra’s advanced adversary simulation tool, Cobalt Strike.  

For example, users can integrate directly with Cobalt Strike’s framework through Beacon Object Files (BOFs) and reflective DLL loading techniques. Additionally, Cobalt Strike users can enrich the evasiveness of their payloads using Payload Generator’s obfuscation methods. 

 

Penetration Testing Tools  

OST is also compatible with Fortra's automated penetration testing solution, Core Impact.  

Core Impact users can take advantage of OST's Payload Generator to increase the evasiveness of their payloads. Additionally, OST's Fake Ransom complements Core Impact's ransomware simulator, enhancing its authenticity to better test incident response. 
 

Get Started

Schedule a live demo to see all of OST's features in action.

REQUEST A DEMO