Fortra has 3 tools for pen-testers and red-teams. In this blog I quickly go through what each tool does and where it fits within the market. I then provide links to elsewhere on this site for more detailed information.
If you want all 3 products together, then this is known by Fortra as their Advanced Red Team Bundle.
Core Impact
This tool is targeted at pen-testers and is an exploitation framework. This competes in a similar product category to Metasploit.
It is a workbench with a reporting engine, complete audit trail, and exploits that massively speed up the work of a pen-tester. It includes network-level exploits, phishing attacks, and web application exploits, plus other tools like ransomware simulation.
General information here: https://s4applications.uk/fortra/core-impact/
Recorded demo here: https://s4applications.uk/fortra/core-impact-demo/
Core Impact and Cobalt Strike Together
The Core Impact tool is integrated with Cobalt Strike. You will find some demos of this here: https://s4applications.uk/fortra/core-impact-with-cobalt-strike/
This is known by Fortra as their Offensive Security Advanced Bundle.
Cobalt Strike
This is the industry-leading Command and Control (c2) infrastructure. This is used by most red teams (plus most malware) because of its power and EDR evasion technology.
General information and demo here: https://s4applications.uk/fortra/cobalt-strike/
Recorded demo here: https://s4applications.uk/fortra/cobalt-strike/cobalt-strike-demo/
Cobalt Strike and Outflank Together
The Cobalt Strike and OST tools are also integrated together. I don’t have a demo yet, but I hope to soon.
This is known by Fortra as their Red Team Bundle.
Outflank Security Tooling (OST)
OST is a set of 20+ tools that perform tasks that red team members want to do. These range from a Sharpfuscator (hides C# executables from AV/ERD), to Hidden Desktop (an OPSEC safe implementation of hidden Virtual Network Computing), to Stego Loader (embeds a payload in a picture file) and so on.
Several of the individual tools are discussed, with demos on this page: https://s4applications.uk/fortra/outflank-security-tooling-ost-video-demos/
The full set of tools is covered in the PDF which is available on the “OST Tech Overview Document” button on this page: https://s4applications.uk/fortra/outflank-security-tooling-ost/#tech-overview.
