{"payload":{"pageCount":2,"repositories":[{"type":"Public","name":"RedELK","owner":"outflanknl","isFork":false,"description":"Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.","allTopics":["security","elasticsearch","kibana","logstash","monitoring","siem","elastic","red-teaming"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":5,"issueCount":26,"starsCount":2335,"forksCount":369,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":[0,0,0,0,0,0,11,0,2,1,8,2,0,1,0,2,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-07-27T14:14:25.328Z"}},{"type":"Public","name":"Presentations","owner":"outflanknl","isFork":false,"description":"Presentation material presented by Outflank team members at public events.","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":177,"forksCount":34,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-16T18:31:04.127Z"}},{"type":"Public","name":"edr-internals","owner":"outflanknl","isFork":false,"description":"Tools for analyzing EDR agents","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":189,"forksCount":20,"license":"GNU General Public License v3.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-10T10:59:28.694Z"}},{"type":"Public","name":"Training-MSOfficeOffensiveTradecraft","owner":"outflanknl","isFork":false,"description":"Info related to the Outflank training: Microsoft Office Offensive 
Tradecraft","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":49,"forksCount":13,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-16T14:06:04.327Z"}},{"type":"Public","name":"HelpColor","owner":"outflanknl","isFork":false,"description":"Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":187,"forksCount":31,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-03-18T08:33:21.459Z"}},{"type":"Public","name":"unmanaged-dotnet-patch","owner":"outflanknl","isFork":false,"description":"Modify managed functions from unmanaged code","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":50,"forksCount":8,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-02-01T14:01:39.610Z"}},{"type":"Public","name":"EvilClippy","owner":"outflanknl","isFork":false,"description":"A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. 
Runs on Linux, OSX and Windows.","allTopics":["excel","word","malware","pcode","stomping","vba","ms-office","macro"],"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":3,"issueCount":18,"starsCount":2092,"forksCount":393,"license":"GNU General Public License v3.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-12-27T12:37:47.266Z"}},{"type":"Public","name":"C2-Tool-Collection","owner":"outflanknl","isFork":false,"description":"A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":2,"issueCount":1,"starsCount":1086,"forksCount":187,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-10-27T14:16:17.783Z"}},{"type":"Public","name":"RedELK-workshop","owner":"outflanknl","isFork":false,"description":"Items related to the RedELK workshop given at security conferences","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":25,"forksCount":7,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-09-28T06:24:21.555Z"}},{"type":"Public","name":"FindObjects-BOF","owner":"outflanknl","isFork":false,"description":"A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","allTopics":[],"primaryLanguage":null,"pullRequestCount":1,"issueCount":0,"starsCount":266,"forksCount":47,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-05-03T19:52:08.551Z"}},{"type":"Public","name":"WdToggle","owner":"outflanknl","isFork":false,"description":"A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential 
caching.","allTopics":[],"primaryLanguage":null,"pullRequestCount":1,"issueCount":3,"starsCount":213,"forksCount":31,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-05-03T19:51:43.930Z"}},{"type":"Public","name":"CS-Situational-Awareness-BOF","owner":"outflanknl","isFork":true,"description":"Situational Awareness commands implemented using Beacon Object Files","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":209,"license":"GNU General Public License v2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-01-27T18:01:12.147Z"}},{"type":"Public","name":"RedFile","owner":"outflanknl","isFork":false,"description":"Serving files with conditions, serverside keying and more.","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":1,"starsCount":19,"forksCount":4,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-05-26T06:56:01.928Z"}},{"type":"Public","name":"Spray-AD","owner":"outflanknl","isFork":false,"description":"A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easily guessable passwords.","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":2,"issueCount":1,"starsCount":419,"forksCount":55,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-04-01T07:03:39.884Z"}},{"type":"Public","name":"InlineWhispers","owner":"outflanknl","isFork":false,"description":"Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files 
(BOF)","allTopics":[],"primaryLanguage":{"name":"Assembly","color":"#6E4C13"},"pullRequestCount":0,"issueCount":1,"starsCount":299,"forksCount":41,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-11-09T15:39:27.540Z"}},{"type":"Public","name":"PrintNightmare","owner":"outflanknl","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":2,"starsCount":331,"forksCount":69,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-09-13T08:45:26.380Z"}},{"type":"Public","name":"external_c2","owner":"outflanknl","isFork":false,"description":"POC for Cobalt Strike external C2","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":122,"forksCount":34,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-09-06T09:39:44.523Z"}},{"type":"Public","name":"Dumpert","owner":"outflanknl","isFork":false,"description":"LSASS memory dumper using direct system calls and API unhooking.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":1,"issueCount":5,"starsCount":1442,"forksCount":242,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-01-05T08:58:26.639Z"}},{"type":"Public","name":"Ps-Tools","owner":"outflanknl","isFork":false,"description":"Ps-Tools, an advanced process monitoring toolkit for offensive operations","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":327,"forksCount":83,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2020-12-01T13:51:53.782Z"}},{"type":"Public","name":"TamperETW","owner":"outflanknl","isFork":false,"description":"PoC to demonstrate how CLR ETW events can be 
tampered.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":186,"forksCount":33,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2020-03-26T20:46:21.525Z"}},{"type":"Public","name":"Scripts","owner":"outflanknl","isFork":false,"description":"Small scripts that make life better","allTopics":[],"primaryLanguage":{"name":"JavaScript","color":"#f1e05a"},"pullRequestCount":0,"issueCount":4,"starsCount":289,"forksCount":75,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2020-01-27T12:43:18.443Z"}},{"type":"Public","name":"Zipper","owner":"outflanknl","isFork":false,"description":"Zipper, a CobaltStrike file and folder compression utility.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":1,"starsCount":188,"forksCount":48,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2020-01-18T18:47:09.525Z"}},{"type":"Public","name":"Net-GPPPassword","owner":"outflanknl","isFork":false,"description":".NET implementation of Get-GPPPassword. 
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","allTopics":[],"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":0,"issueCount":0,"starsCount":162,"forksCount":36,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-12-18T10:14:32.657Z"}},{"type":"Public","name":"SharpHide","owner":"outflanknl","isFork":false,"description":"Tool to create hidden registry keys.","allTopics":[],"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":0,"issueCount":2,"starsCount":463,"forksCount":96,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-10-23T10:44:22.101Z"}},{"type":"Public","name":"Recon-AD","owner":"outflanknl","isFork":false,"description":"Recon-AD, an AD recon tool based on ADSI and reflective DLLs","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":1,"starsCount":312,"forksCount":55,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-10-20T21:49:39.506Z"}},{"type":"Public","name":"Invoke-Templator","owner":"outflanknl","isFork":false,"description":"A PowerShell script to parse the docx/docm file format and update the template location.","allTopics":[],"primaryLanguage":{"name":"PowerShell","color":"#012456"},"pullRequestCount":0,"issueCount":0,"starsCount":17,"forksCount":7,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-10-15T09:31:38.870Z"}},{"type":"Public","name":"Excel4-DCOM","owner":"outflanknl","isFork":false,"description":"PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in 
Excel.exe)","allTopics":[],"primaryLanguage":{"name":"PowerShell","color":"#012456"},"pullRequestCount":0,"issueCount":0,"starsCount":321,"forksCount":75,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-03-26T16:01:44.676Z"}},{"type":"Public","name":"Invoke-ADLabDeployer","owner":"outflanknl","isFork":false,"description":"Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.","allTopics":[],"primaryLanguage":{"name":"PowerShell","color":"#012456"},"pullRequestCount":0,"issueCount":0,"starsCount":477,"forksCount":72,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-02-16T21:35:37.420Z"}},{"type":"Public","name":"DoH_c2_Trigger","owner":"outflanknl","isFork":false,"description":"Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/","allTopics":[],"primaryLanguage":{"name":"PowerShell","color":"#012456"},"pullRequestCount":0,"issueCount":0,"starsCount":54,"forksCount":20,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2018-10-25T14:22:22.116Z"}},{"type":"Public","name":"PasswordDump2ELK","owner":"outflanknl","isFork":false,"description":"Clean public password dump files and store in ELK","allTopics":[],"primaryLanguage":{"name":"Shell","color":"#89e051"},"pullRequestCount":0,"issueCount":0,"starsCount":37,"forksCount":13,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2018-01-24T12:59:53.099Z"}}],"repositoryCount":32,"userInfo":null,"searchable":true,"definitions":[],"typeFilters":[{"id":"all","text":"All"},{"id":"public","text":"Public"},{"id":"source","text":"Sources"},{"id":"fork","text":"Forks"},{"id":"archived","text":"Archived"},{"id":"template","text":"Templates"}],"compactMode":false},"title":"outflanknl repositories"}