Outflank B.V.'s repositories
EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Invoke-ADLabDeployer
Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
InlineWhispers
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
FindObjects-BOF
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
edr-internals
Tools for analyzing EDR agents
Presentations
Material from presentations given by Outflank team members at public events.
Net-GPPPassword
.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
external_c2
POC for Cobalt Strike external C2
DoH_c2_Trigger
Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
unmanaged-dotnet-patch
Modify managed functions from unmanaged code
Training-MSOfficeOffensiveTradecraft
Info related to the Outflank training: Microsoft Office Offensive Tradecraft
PasswordDump2ELK
Clean public password dump files and store in ELK
RedELK-workshop
Items related to the RedELK workshop given at security conferences
Invoke-Templator
A PowerShell script to parse the docx/docm file format and update the template location.
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files