Max Grim
@max__grim
Followers: 633 | Following: 521 | Media: 4 | Statuses: 100
Red Teamer @OutflankNL | Cyber Security | Messing around with hardware
NL
Joined June 2010
Would you like to be my colleague, and get to wear an awesome red hoodie? We are looking for a full-stack / offensive developer. Drop me a message or apply directly:
job-boards.greenhouse.io
The Netherlands
4.12 has been a blast to work on, and it’s awesome to see it release! Happy tinkering 😁
Cobalt Strike 4.12 is LIVE, complete with a new look for the GUI! Additionally, we're introducing: - A REST API - User Defined Command and Control (UDC2) - New process injection options - New UAC bypasses - and more! Check out the release blog for details. https://t.co/o80AbK9U8E
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️
specterops.io
Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.
We're at BlackHat USA. At 1.30 PM our Outflank researcher @kyleavery_ will present his work on how he trained a 7B parameter LLM to defeat Microsoft Defender for Endpoint. An accompanying blog post will go out later today and we'll release the model on Hugging Face. Stay tuned!
The Registry Rundown. Last year Cedric Van Bockhaven & Max Grim showed us how even non-administrators can do some very interesting things with the registry. #Cybersecurity #WindowsRegistry #Infosec Watch here:
Yes! We're doing the Infosec Kart Cup again! 🏎️🤘 Mark June 19 in your calendars, and reserve your spot now at https://t.co/pVT7ca9Mqs! The 2024 edition was sold out.
Automatic browser SSO with a PRT on a victim device over an Outflank C2 implant 🥰 using ROADtools and some hackery from @max__grim
Headed to Singapore for BlackHat Asia? Be sure to stop by booth 507 to talk all things #offsec and then join @OutflankNL's @max__grim to learn how Outflank C2 (OC2) can cut through the noise and extract critical insights, enabling smarter operations. #BHASIA @BlackHatEvents
Headed to Singapore for BlackHat Asia? Join Outflank's own @max__grim for a deep dive into Outflank C2 (OC2) and discover how it can cut through the noise and extract critical insights, enabling smarter operations. #BHASIA @BlackHatEvents
Enjoying @1ns0mn1h4ck? Don't miss @c3c's speaking session on using VBS enclaves for handling sensitive data.
Virtual fortresses aren’t as invincible as they seem 🏰⚔️. Read about our latest research on using Secure Enclaves in Windows for offensive ops — plus fresh insights for red teamers. Check out Part 1 of our blog series here: https://t.co/I7eDWJFMQp
We worked with @_dirkjan to get this as an exclusive into Outflank Security Tooling with a new tool called ROADtune. ROADtune allows red teamers to: - bypass CAP by faking device compliance registration - loot secrets from applications pushed to compliant devices Cool stuff!
🚀 We're hiring a DevOps/Cloud Engineer at Outflank! Join us to build and manage complex Azure environments that deliver our OST toolkit. Skills: Kubernetes (AKS), GitOps, IaC, Tekton, Python💻 It's NOT an offensive role! Based in NL or a time zone-friendly region? Let's chat!
Pretty proud of this one, took a lot of work. And no, this device does not exist 😎
if you’re going to sector, let me know! i’ll be there this evening through friday
Headed to #SecTor2024? Join @kyleavery_ to learn how #redteams can keep up with networks that expand across Windows, macOS, and Linux systems. #SecTor @BlackHatEvents
For anyone whose badge I managed to "Pwnz0rz111" today at RedTreat, you can revert back to the "original" FW by booting the badge, and once my spooky purge face shows up, press the middle button (the up button) and then the top button (the select button). The image just overlays
And that's a wrap of #RedTreat 2024. 2 days of hardcore red teaming research and meeting other rt researchers and operators. Mind still 🤯 processing some of the discussions! Thanks to all the attendees and speakers for being present at our little conf! /c @MDSecLabs @OutflankNL
Who’s the real #GrimResource? Spoiler: It’s us! 😏 Here's our latest blog on using MSC files for initial access: https://t.co/aQ0Of11pU8 Fun fact: @elastic’s post on this technique came from a sample caught by a blue team, originally used by a red team through our OST offering.
OST's Stage1 C2 is now Outflank C2, an optimised, OPSEC focused custom C2 framework with: • Native implants for Windows, macOS and Linux • Dynamic code exec • Proxying support • Peer-to-peer C2 between all three implants. Get more info at https://t.co/UM2DPDBWqM
Sore muscled but satisfied looking back at the first #InfosecKartCup. With 135+ people this was a fantastic social event for infosec profs in NL. Always great to connect offline! Thank you all for attending. Thank you @Northwave_Sec for co-organizing. See you next year?