Introducing Early Cascade Injection: from Windows process creation to stealthy injection By Guido Miggelenbrink at OutflankIntroductionIn this blog post we introduce a novel proce... 2024-10-15 20:3:43 | 阅读: 12 | 收藏 | Outflank Blog - www.outflank.nl injection apc edrs pfnse dllloaded

Will the real #GrimResource please stand up? – Abusing the MSC file format In this blog post we describe how the MSC file format can be leveraged to execute arbitrary code v... 2024-8-13 21:34:59 | 阅读: 14 | 收藏 | Outflank Blog - www.outflank.nl snap msc mmc security pane

Introducing Outflank C2 with Implant Support for Windows, macOS, and Linux We are rebranding our commercial... 2024-8-8 04:59:48 | 阅读: 24 | 收藏 | Outflank Blog - www.outflank.nl c2 outflank implants stage1 windows

EDR Internals for macOS and Linux Many public blogs and conference talks have covered Windows telemetry sources like kernel callback... 2024-6-3 23:56:18 | 阅读: 14 | 收藏 | Outflank Blog - www.outflank.nl agents security ebpf network outflank

OST Release Blog: EDR Tradecraft, Presets, PowerShell Tradecraft, and More Malicious actors continuously deploy new or improved techniques. Red teams must maintain an equall... 2024-4-30 00:15:32 | 阅读: 8 | 收藏 | Outflank Blog - www.outflank.nl ost presets edrs bypass payload

Unmanaged .NET Patching To execute .NET post-exploitation tools safely, operators may want to modify certain managed funct... 2024-2-1 22:0:15 | 阅读: 8 | 收藏 | Outflank Blog - www.outflank.nl unmanaged mscorlib exitptr

Free Training: Microsoft Office Offensive Tradecraft for Red Teamers Copyright © Fortra, LLC and its group of companies. Fortra™, the Fortra™ logos, and other identi... 2023-12-19 18:0:51 | 阅读: 12 | 收藏 | Outflank Blog - www.outflank.nl fortra llc logos marks proprietary

Mapping Virtual to Physical Adresses Using Superfetch With the Bring Your Own Vulnerable Driver (BYOVD) technique popping up in Red Teaming arsenals, we... 2023-12-14 23:12:46 | 阅读: 9 | 收藏 | Outflank Blog - www.outflank.nl memory superfetch windows processes

Reflecting on a Year with Fortra and Next Steps for Outflank When we debuted OST back in 2021, we wrote a blog detailing both the product features and the rati... 2023-11-6 23:15:42 | 阅读: 4 | 收藏 | Outflank Blog - www.outflank.nl ost outflank cobalt fortra development

Listing remote named pipes On Windows, named pipes are a for... 2023-10-19 23:33:32 | 阅读: 5 | 收藏 | Outflank Blog - www.outflank.nl remote windows smbclient c2

Solving The “Unhooking” Problem For avoiding EDR userland hooks, there are many ways to cook an egg:Direct system calls (sysca... 2023-10-5 15:38:13 | 阅读: 4 | 收藏 | Outflank Blog - www.outflank.nl stage1 library loadlibrary c2 python

Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places This is a joint blog written by the Cobalt Strike and Outflank teams. It is also available on the... 2023-7-19 23:19:10 | 阅读: 8 | 收藏 | Outflank Blog - www.outflank.nl cobalt ost outflank beacon tradecraft

So you think you can block Macros? For the purpose of securing Microsoft Office installs we see many of our customers moving to a mac... 2023-4-25 18:30:30 | 阅读: 7 | 收藏 | Outflank Blog - www.outflank.nl macros microsoft security xlam publisher

Attacking Visual Studio for Initial Access In this blog post we will demonstrate how compiling, reverse engineering or even just viewing sour... 2023-3-28 18:6:19 | 阅读: 3 | 收藏 | Outflank Blog - www.outflank.nl library microsoft moniker loadtypelib security

A phishing document signed by Microsoft – part 2 This is the second part of our blog series in which we walk you through the steps of finding and w... 2022-1-7 18:13:16 | 阅读: 5 | 收藏 | Outflank Blog - www.outflank.nl xll xlam excel4 analysis microsoft

A phishing document signed by Microsoft – part 1 This blog post is part of series of two posts that describe weaknesses in Microsoft Excel that cou... 2021-12-9 20:27:34 | 阅读: 6 | 收藏 | Outflank Blog - www.outflank.nl xll microsoft xlam attacker

Our reasoning for Outflank Security Tooling TLDR: We open up our internal toolkit commercially to other red teams. This post explains why.... 2021-4-2 20:26:14 | 阅读: 4 | 收藏 | Outflank Blog - www.outflank.nl ost toolset outflank heavy teaming