Outflank B.V.'s repositories
EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Invoke-ADLabDeployer
Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
Excel4-DCOM
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
InlineWhispers
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
FindObjects-BOF
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
Presentations
Material presented by Outflank team members at public events.
Net-GPPPassword
.NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
external_c2
POC for Cobalt Strike external C2
DoH_c2_Trigger
Code for the blog post: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
Training-MSOfficeOffensiveTradecraft
Info related to the Outflank training: Microsoft Office Offensive Tradecraft
unmanaged-dotnet-patch
Modify managed functions from unmanaged code
PasswordDump2ELK
Clean public password dump files and store in ELK
RedELK-workshop
Items related to the RedELK workshop given at security conferences
Invoke-Templator
A PowerShell script to parse the docx/docm file format and update the template location.
CS-Situational-Awareness-BOF
Situational Awareness commands implemented using Beacon Object Files