Outflank Security Tooling (OST) - Customer Testimonials
OST is a set of private offensive security tools created by the red teaming specialists of Outflank available for use by vetted red teams.
OST is a powerful toolbox made by red teamers for red teams.
Read more from the feedback of OST customers:
Vectra
Wim Vandebroeck is an Offensive Security Engineer at Vectra in Belgium. His expertise centers on creating and executing custom adversary scenarios in client environments, aimed at identifying and addressing crucial security gaps.
Wim Vandebroeck and OST
“In the dynamic and often challenging world of red team operations, finding tools that not only work effectively but also save time is a gamechanger. That’s precisely what OST has done for me at Vectra. Their commitment to thorough research and the development of practical solutions is evident in the quality of their offerings.
As a red team operator, one of the most time-consuming tasks is coding and tweaking scripts to bypass EDR. It’s a crucial part of the job, but it’s also incredibly resource-intensive. OST has significantly streamlined this process. Their solutions are well-researched and robust, allowing us to focus more on the strategic aspects of our operations rather than getting bogged down in endless coding.
What stands out about OST is their understanding of the red team’s needs. They’ve managed to create a suite of tools that not only addresses the technical demands of evading modern EDR systems but also simplifies these processes. This efficiency gain is invaluable, as it means we can spend our time where it matters most – planning and executing effective security scenarios for our clients.
In summary
OST has been a vital asset in enhancing our red team capabilities. Their blend of in-depth research and practical, user-friendly solutions has made a significant difference in our day-to-day operations, making the life of a red team operator like myself easier and more efficient.”
Bulletproof Cyber Security
Dominic Mortimer is a red Team Specialist at Bulletproof, with multiple years of experience delivering Red Team engagements across numerous sectors. He created and developed multiple testing teams and toolsets to deliver successful engagements against some of the top defensive suites
Dominic Mortimer and OST
OST has been phenomenal. Building out Red Team services, team members and managing successful operations is hard enough without having to constantly handle ongoing research and development cycles. With OST we can utilise our own tooling and other open-source tools within a superbly powerful platform, with continually evolving capabilities, that allows us to focus on delivering the best engagements possible for our clients. It has acted as a force multiplier allowing us to maintain a high tempo of delivery no matter what defences we are up against.
The toolset also goes beyond just tools. Being a member of the OST community gives some amazing insights and a direct point of contact to the creators to discuss approaches and ideas, Recent, new updates to the portals have enhanced this by creating even easier ways to share information back into the OST community
To summarise, OST delivers where few others have, by not only providing a single tool or C2 but a complete suite of resources to deliver modern red teams, alongside a vetted and knowledgeable community. I honestly don’t think there is another comparable product on the market that feels this matured and reliable.
Learn more about Outflank Security Tooling (OST)
- OST is a powerful toolbox made by red teamers for red teams.
- Essential toolkit for anyone involved in Red teaming, Penetration testing, or Vulnerability assessment
- OST was developed to work in tandem with Fortra’s advanced adversary simulation tool, Cobalt Strike and automated penetration testing solution, Core Impact.
- Let us know if you want to receive an invitation to the OST webinar to get your very own introduction and demonstration of the power of Outflank Security Tooling.
CDW
Tyler Booth is a principal offensive security consultant at CDW in the USA. He has over a decade experience in offensive security. He created and built out CDW’s Adversary Simulation services (red/purple team) that they deliver to our customers. He spend a lot of time doing internal R&D work, tool dev, infrastructure management, etc.
Tyler Booth and OST
“There are a few reasons why I sought out Outflank and OST. Primarily, I just know they do great work and publish research that found pretty compelling. I was scrolling through their services and saw a reference to OST, read the slides they had published, and decided that I had to see a demo of the tooling in action. Specifically, I really wanted to see how they did the Hidden Desktop stuff because it sounded like an interesting piece of tradecraft and apparently it worked differently than the standard HVNC variants you see in the wild.
Anyway, we decided that even if we do research work and tool dev, it’s just too costly for us to maintain internal projects when we have so much billable consulting work to do. I really looked at OST as a toolkit that really augmented our own internal tooling and allowed us to focus more on delivering consistent engagements – not spending all of our time during an operation maintaining our own internal payload generation frameworks or writing our own UDRLs for Cobalt Strike. We make an effort to use everything OST has provided us from Stage1 to some of the miscellaneous tools that really make things easier for an operator.
Surprisingly, the sleeper hit in OST isn’t even the tooling itself (which is very good), but the technical deep dives with the Outflank team, the documentation, and honestly the community engagement. There are a lot of different red teams who support each other in the slack channel, share some tradecraft, and it seems like most people there just want to prop others up.
One of our biggest initial concerns was how much support we’d receive – especially since we’re in vastly different time zones and it’s a hosted service. For example, there are some hiccups that occur every now and then; maybe something in the portal breaks or you find a bug in one of the tools. As soon as you report it, the Outflank team is already on-top of the issue and pushing patches. This really exceeded our expectations from that standpoint.
In summary
▸ Outflank Security Tooling is a great asset to support operations.
▸ Documentation and technical deep dives are great ways to learn new tradecraft.
▸ Support is solid and the product is ever changing/improving.”
Secura
Ralph Moonen is Technical Director at Secura, a leading Dutch company specializing in offensive security and security assessments. Secura has around 80 ethical hackers and red teamers that perform over 1000 projects every year.
Ralph Moonen and OST
OST enables a complete service line in our portfolio. It allows us to concentrate on performing adversary simulation and red teaming, in addition to our more traditional pentesting and vulnerability assessment work. Since we have limited software development capabilities, we would not be able to get to the same level as OST. We know this because we tried and failed.
In short: OST allows us to deliver Red Teaming services efficiently and effectively and it is therefore a key tool for us.
In fact, we were so happy with the work of the Outflank team, that when our team discovered novel ways to bypass detection mechanisms, we asked the OST team to implement them, and they did. This commitment to customer satisfaction is unparalleled.