unSafe.sh - Insecure
Mapping Virtual to Physical Adresses Using Superfetch
With the Bring Your Own Vulnerable Driver (BYOVD) technique popping up in Red Teaming arsenals, we...
2023-12-14 23:12:46 | Views: 18
Outflank Blog - outflank.nl
memory
superfetch
windows
processes
paged
Reflecting on a Year with Fortra and Next Steps for Outflank
When we debuted OST back in 2021, we wrote a blog detailing both the product features and the rati...
2023-11-6 23:15:42 | Views: 10
Outflank Blog - outflank.nl
ost
outflank
cobalt
fortra
development
Listing remote named pipes
On Windows, named pipes are a for...
2023-10-19 23:33:32 | Views: 22
Outflank Blog - outflank.nl
remote
c2
windows
smbclient
Solving The “Unhooking” Problem
For avoiding EDR userland hooks, there are many ways to cook an egg: Direct system calls (sysca...
2023-10-5 15:38:13 | Views: 9
Outflank Blog - outflank.nl
library
stage1
c2
loadlibrary
python
Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places
This is a joint blog written by the Cobalt Strike and Outflank teams. It is also available on the...
2023-7-19 23:19:10 | Views: 49
Outflank Blog - outflank.nl
cobalt
ost
beacon
outflank
tradecraft
So you think you can block Macros?
For the purpose of securing Microsoft Office installs we see many of our customers moving to a ma...
2023-4-25 18:30:30 | Views: 15
Outflank Blog - outflank.nl
macros
microsoft
security
xlam
xla
Attacking Visual Studio for Initial Access
In this blog post we will demonstrate how compiling, reverse engineering or even just viewing sou...
2023-3-28 18:6:19 | Views: 22
Outflank Blog - outflank.nl
library
moniker
microsoft
loadtypelib
malicious
A phishing document signed by Microsoft – part 2
January 7, 2022 | This is the second part of our blog series in which we walk you through...
2022-1-7 18:13:16 | Views: 41
outflank.nl
xll
xlam
excel4
microsoft
remote
A phishing document signed by Microsoft – part 1
December 9, 2021 | This blog post is part of a series of two posts that describe weaknesses...
2021-12-09 21:27:34 | Views: 56
outflank.nl
xll
microsoft
xlam
attacker
Our reasoning for Outflank Security Tooling
April 2, 2021 | TLDR: We open up our internal toolkit commercially to other red teams. Th...
2021-04-02 21:26:14 | Views: 192
outflank.nl
ost
toolset
outflank
heavy
teaming
Catching red teams with honeypots part 1: local recon
March 3, 2021 | This post is the first part of a series in which we will cover the concep...
2021-03-04 00:16:10 | Views: 128
outflank.nl
windows
attacker
sacl
configuring
applocker
Direct Syscalls in Beacon Object Files
December 26, 2020 | In this post we will explore the use of direct system calls within Co...
2020-12-26 19:47:08 | Views: 206
outflank.nl
beacon
assembler
cobalt
syswhispers
RedELK Part 3 – Achieving operational oversight
April 7, 2020 | This is part 3 of a multipart blog series on RedELK: Outflank’s open sour...
2020-04-08 00:08:18 | Views: 108
outflank.nl
redelk
c2
cobalt
beacon
redirector
Mark-of-the-Web from a red team’s perspective
March 30, 2020 | Zone Identifier Alternate Data Stream information, commonly referred to...
2020-03-30 18:37:57 | Views: 125
outflank.nl
motw
security
windows
payload
alternate
Red Team Tactics: Advanced process monitoring techniques in offensive operations
March 11, 2020 | In this blog post we are going to explore the power of well-known proces...
2020-03-12 03:44:20 | Views: 97
outflank.nl
processes
security
loaded
network
cobalt
RedELK Part 2 – getting you up and running
February 28, 2020 | This is part 2 of a multipart blog series on RedELK: Outflank’s open...
2020-02-28 22:58:52 | Views: 114
outflank.nl
redelk
c2
redir
filebeat
Abusing the SYLK file format
October 30, 2019 | This blog is about the SYLK file format, a file format from the 1980s...
2019-10-30 18:10:06 | Views: 98
outflank.nl
sylk
macros
security
slk
shellcode
Publications | Outflank
June 19, 2019 | In this blog post we will explore the use of direct system calls, restore...
2019-06-22 00:40:21 | Views: 252
outflank.nl
memory
dumpert
shellcode
windows
srdi