Explore @outflanknl Open Source projects

Outflank B.V. (@outflanknl)

outflanknl

Stars
11,703
Global Org. Rank 1,963 (Top 0.7 %)
Registered over 7 years ago
Most used languages

C
29.2 %

C++
16.7 %

PowerShell
16.7 %

C#
12.5 %

Python
12.5 %

Assembly
4.2 %

JavaScript
4.2 %

Shell
4.2 %
Location 🇳🇱 Netherlands
Country Total Rank 35
Country Ranking

PowerShell
3

Assembly
4

C
5

C#
8

C++
29

Python
36

JavaScript
273

Shell
274

RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

EvilClippy

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

Dumpert

LSASS memory dumper using direct system calls and API unhooking.

C2-Tool-Collection

A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.

Invoke-ADLabDeployer

Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.

SharpHide

Tool to create hidden registry keys.

Spray-AD

A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.

PrintNightmare

Ps-Tools

Ps-Tools, an advanced process monitoring toolkit for offensive operations

Excel4-DCOM

PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)

Recon-AD

Recon-AD, an AD recon tool based on ADSI and reflective DLL’s

InlineWhispers

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)

Scripts

Small scripts that make life better

FindObjects-BOF

A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.

WdToggle

A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.

TamperETW

PoC to demonstrate how CLR ETW events can be tampered.

Zipper

Zipper, a CobaltStrike file and folder compression utility.

HelpColor

Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type

NetshHelperBeacon

Example DLL to load from Windows NetShell

Presentations

Presentation material presented by Outflank team members at public events.

Net-GPPPassword

.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.

external_c2

POC for Cobalt Strike external C2

DoH_c2_Trigger

Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/

Training-MSOfficeOffensiveTradecraft

Info related to the Outflank training: Microsoft Office Offensive Tradecraft

PasswordDump2ELK

Clean public password dump files and store in ELK

unmanaged-dotnet-patch

Modify managed functions from unmanaged code

RedELK-workshop

Items related to the RedELK workshop given at security conferences

Exploits

Exploits developped by Outflank B.V. team members

RedFile

Serving files with conditions, serverside keying and more.

Invoke-Templator

A PowerShell script to parse the docx/docm file format and update the template location.