Outflank Security Testing (OST) - View more...

Page 2 of 2: View more...

OST Value Proposition  

• Provide small or mid-size red teams with enterprise-grade offensive capabilities without building and maintaining the full toolkit internally.  
• Deliver OPSEC-safe, documented tools that accelerate time-to-impact for campaigns while minimizing accidental exposure.
• Seamlessly interoperate with Cobalt Strike and extend capabilities when run as part of Red Team Bundles or Advanced Red Team Bundles.  

Key Components & Capabilities  

(OST is continuously updated; below are representative modules listed by Fortra.)  

• Payload Generator — Create advanced, unique payloads with OPSEC and anti-forensic techniques to improve success vs AV/EDR while limiting forensic artifacts.  
• Office Intrusion Pack — High-quality offensive macro tooling for MS Office phishing and initial access; implements recent, non-public techniques to increase delivery and execution success.
• Stego Loader — Hide payloads inside images (steganography) to covertly deliver code — a technique used by advanced threat actors.  
• Lateral Pack — OPSEC-aware lateral movement tooling that helps evade EDR and maintain stealth during post-exploitation activities.  
• Outflank C2 (Formerly Stage 1) — A pre-C2 toolkit for safe reconnaissance and minimal footprint actions before committing to a full C2 implant; useful for making informed trade-offs and avoiding premature detection.  
• HiddenDesktop — Covert interactive control of a target desktop (hidden to the user), enabling GUI-level post-exploitation tasks without visible user disruption.  

Interoperability & Bundles

• Cobalt Strike Integration — OST was developed to work tightly with Cobalt Strike: OST modules (BOFs, reflective DLL techniques, etc.) extend Cobalt Strike’s post-exploitation and operational reach for OPSEC-safe workflows. Combining both technologies increases campaign flexibility and realism.
• Red Team Bundles — Fortra offers bundled licensing/packaging (e.g., Red Team Bundle and Advanced Red Team Bundle) combining OST with Cobalt Strike (and optionally Core Impact) to provide a comprehensive offensive stack, with session passing and tunneling between tools for streamlined operations. These bundles simplify procurement and provide discounted, integrated stacks for advanced testing

Benefits for Red Teams & Customers

• Time & Cost Savings: OST centralizes R&D and maintenance so teams don’t have to re-implement or constantly evolve their own toolchains.  
• Higher Efficacy: Access to non-public, research-grade techniques increases the probability of successful, realistic simulations in mature/defended environments.  
• OPSEC-minded Operations: Tools are designed and documented to reduce accidental detection and operational risk during sensitive engagements.  
• Scalable Firepower: Smaller teams can “punch above their weight” by leveraging Outflank’s R&D, enabling advanced kill-chain phases such as EDR evasion and safe lateral movement.  
• Improved Blue Team Readiness: By using OST in adversary simulations, organizations can expose detection gaps and tune defenses against high-end techniques.  

Typical Use Cases

• Full Red Team engagements simulating APT-style multi-stage campaigns.
• Adversary simulation exercises to validate SOC detections, playbooks and incident response processes.
• Advanced penetration testing in highly defended environments where standard tools fail to surface realistic risk.
• Purple Teaming: run OST techniques in coordinated exercises to train Blue Teams and iterate detection rules.  

Operational & Compliance Considerations

• Governance & Scope: OST contains powerful, offensive capabilities. Every engagement must have clear legal authorizations, rules of engagement, and executive sign-off. (Fortra emphasizes OST is provided as a controlled service to trusted offensive teams.)  
• OPSEC & Safety: OST is explicitly designed to be OPSEC-safe — tools include safeguards and documentation to avoid unintended exposure. However, responsible use and strict control (segregated infrastructure, logging, clean-up plans) remain mandatory.
• Training & Expertise: OST is built by and for seasoned red teamers. Organizations should ensure operators have the skills and maturity to run high-impact campaigns safely.  

Services & Delivery Models

• Bundles & Licensing — Fortra offers combined bundles (OST + Cobalt Strike; OST + Cobalt Strike + Core Impact) to provide a fully integrated offensive stack.  
• Professional Services — Typical offerings include tool onboarding, red team engagements, training, and operational hardening/cleanup best practices. (Outflank’s background & integration within Fortra supports both tooling and services.)  

Short Technical Notes (for operators)

• OST includes payload obfuscation and anti-forensics modes to increase success vs EDR/AV.
• Stego and non-standard delivery channels (e.g., images, macros) are part of the toolset to mimic modern APT delivery methods.
• Pre-C2 tooling helps operators perform reconnaissance and low-footprint actions while deciding whether/when to deploy full C2 implants.

 “OST provides a continuously updated toolkit of OPSEC-safe, advanced offensive capabilities. Integrated with Cobalt Strike and Core Impact, OST lets you run realistic adversary simulations that challenge detection and response at the highest level.”