
Outflank Security Tooling (OST)


 

What is OST?

Outflank Security Tooling (OST) is a curated, continuously-maintained toolbox of offensive capabilities developed by Outflank’s Red Team experts and packaged by Fortra as an enterprise-grade service. OST gives Red Teams, adversary simulation teams and advanced pen testers access to non-public, highly effective tradecraft and tooling designed to operate safely in sensitive engagements and to bypass common defensive controls. OST is maintained and updated by experienced offensive specialists to reflect evolving attacker techniques.


OST Value Proposition  

  • Provide small or mid-size red teams with enterprise-grade offensive capabilities without building and maintaining the full toolkit internally.  
  • Deliver OPSEC-safe, documented tools that accelerate time-to-impact for campaigns while minimizing accidental exposure.
  • Seamlessly interoperate with Cobalt Strike and extend capabilities when run as part of Red Team Bundles or Advanced Red Team Bundles.  

Key Components & Capabilities  

(OST is continuously updated; below are representative modules listed by Fortra.)  

  • Payload Generator — Create advanced, unique payloads with OPSEC and anti-forensic techniques to improve success vs AV/EDR while limiting forensic artifacts.  
  • Office Intrusion Pack — High-quality offensive macro tooling for MS Office phishing and initial access; implements recent, non-public techniques to increase delivery and execution success.
  • Stego Loader — Hide payloads inside images (steganography) to covertly deliver code — a technique used by advanced threat actors.  
  • Lateral Pack — OPSEC-aware lateral movement tooling that helps evade EDR and maintain stealth during post-exploitation activities.  
  • Outflank C2 (Formerly Stage 1) — A pre-C2 toolkit for safe reconnaissance and minimal footprint actions before committing to a full C2 implant; useful for making informed trade-offs and avoiding premature detection.  
  • HiddenDesktop — Covert interactive control of a target desktop (hidden to the user), enabling GUI-level post-exploitation tasks without visible user disruption.  

Interoperability & Bundles

  • Cobalt Strike Integration — OST was developed to work tightly with Cobalt Strike: OST modules (BOFs, reflective DLL techniques, etc.) extend Cobalt Strike’s post-exploitation and operational reach for OPSEC-safe workflows. Combining both technologies increases campaign flexibility and realism.
  • Red Team Bundles — Fortra offers bundled licensing/packaging (e.g., Red Team Bundle and Advanced Red Team Bundle) combining OST with Cobalt Strike (and optionally Core Impact) to provide a comprehensive offensive stack, with session passing and tunneling between tools for streamlined operations. These bundles simplify procurement and provide discounted, integrated stacks for advanced testing.

Benefits for Red Teams & Customers

  • Time & Cost Savings: OST centralizes R&D and maintenance so teams don’t have to re-implement or constantly evolve their own toolchains.  
  • Higher Efficacy: Access to non-public, research-grade techniques increases the probability of successful, realistic simulations in mature/defended environments.  
  • OPSEC-minded Operations: Tools are designed and documented to reduce accidental detection and operational risk during sensitive engagements.  
  • Scalable Firepower: Smaller teams can “punch above their weight” by leveraging Outflank’s R&D, enabling advanced kill-chain phases such as EDR evasion and safe lateral movement.  
  • Improved Blue Team Readiness: By using OST in adversary simulations, organizations can expose detection gaps and tune defenses against high-end techniques.  

Typical Use Cases

  • Full Red Team engagements simulating APT-style multi-stage campaigns.
  • Adversary simulation exercises to validate SOC detections, playbooks and incident response processes.
  • Advanced penetration testing in highly defended environments where standard tools fail to surface realistic risk.
  • Purple Teaming: run OST techniques in coordinated exercises to train Blue Teams and iterate detection rules.  

Operational & Compliance Considerations

  • Governance & Scope: OST contains powerful, offensive capabilities. Every engagement must have clear legal authorizations, rules of engagement, and executive sign-off. (Fortra emphasizes OST is provided as a controlled service to trusted offensive teams.)  
  • OPSEC & Safety: OST is explicitly designed to be OPSEC-safe — tools include safeguards and documentation to avoid unintended exposure. However, responsible use and strict control (segregated infrastructure, logging, clean-up plans) remain mandatory.
  • Training & Expertise: OST is built by and for seasoned red teamers. Organizations should ensure operators have the skills and maturity to run high-impact campaigns safely.  

Services & Delivery Models

  • Bundles & Licensing — Fortra offers combined bundles (OST + Cobalt Strike; OST + Cobalt Strike + Core Impact) to provide a fully integrated offensive stack.  
  • Professional Services — Typical offerings include tool onboarding, red team engagements, training, and operational hardening/cleanup best practices. (Outflank’s background & integration within Fortra supports both tooling and services.)  

Short Technical Notes (for operators)

  • OST includes payload obfuscation and anti-forensics modes to increase success vs EDR/AV.
  • Stego and non-standard delivery channels (e.g., images, macros) are part of the toolset to mimic modern APT delivery methods.
  • Pre-C2 tooling helps operators perform reconnaissance and low-footprint actions while deciding whether/when to deploy full C2 implants.

 “OST provides a continuously updated toolkit of OPSEC-safe, advanced offensive capabilities. Integrated with Cobalt Strike and Core Impact, OST lets you run realistic adversary simulations that challenge detection and response at the highest level.”

 

