Red teamer @ Outflank
Joined August 2015
- Tweets 305
- Following 157
- Followers 5,441
- Likes 892
22 Photos and videos
Pinned Tweet
28 Mar 2023
@OutflankNL blog: Attacking Visual Studio for Initial Access.
The post shows how viewing source code can lead to compromise of a dev's workstation. A journey into COM, type libraries and the inner workings of VS. Plus practical examples for red team ops.
outflank.nl/blog/2023/03/28/…
3
87
218
33,584
Stan Hegt retweeted
Exciting news: Zero-Point Security has joined @fortraofficial and will work alongside the @_CobaltStrike, @OutflankNL, and @_CoreImpact teams to develop the next generation of offensive security training! Get more details on the blog cobaltstrike.com/blog/new-mo…
11
52
330
17,612
Stan Hegt retweeted
Jan 21
📢 Big News! @mariuszbit is joining Outflank! He ticks all the boxes:
Experienced #offsec researcher ✓
Respected name in red teaming ✓
Built RMF tooling for initial access ✓
His work is coming to OST✓
The red hoodie fits perfectly ✓
Welcome Mariusz!
outflank.nl/blog/2026/01/21/…
9
9
67
12,537
Stan Hegt retweeted
Jan 7
Let's play peekaboo with PatchGuard! Read our blog post about hiding processes on modern Windows systems with HVCI enabled:
outflank.nl/blog/2026/01/07/…
6
126
316
26,228
Stan Hegt retweeted
9 Dec 2025
New blog by Outflank’s @KyleAvery: Linux process injection leveraging seccomp to inject shared libraries into Linux processes without LD_PRELOAD, ptrace nor elevated privileges.
Parent-to-child injection at any ptrace_scope level 💪😎
Tech details here: ow.ly/KwBh50XGvrC
1
54
151
13,138
Stan Hegt retweeted
7 Aug 2025
Black Hat Bonus: Learn more about @kyleavery 's research on training self-hosted LLMs to generate evasive malware and creation of a 7B parameter model that generates evasive Cobalt Strike shellcode loaders able to bypass Microsoft Defender for Endpoint. ow.ly/1EUf50WBI5e
47
105
9,838
4 Aug 2025
The Outflank and Cobalt Strike researchers will be hosting 15 minute technical lightning talks at our BlackHat USA booth. ⚡️ There's some really good content in there that you don't want to miss.
📍Booth #4422 (Fortra)
🕒 See attached schedule. Limited spots, so come early!
2
4
27
2,599
Stan Hegt retweeted
16 Jul 2025
Have you always wanted to roll out your own offensive monitoring network? See how Async BOFs enable automatic notifications for when users log in, useful applications (such as password vaults) are started, or the user tries to log off/shut down. outflank.nl/blog/2025/07/16/…
1
37
114
12,226
Stan Hegt retweeted
30 Jun 2025
BOFs are powerful, but error-prone! We dropped a post and new BOF linting tool to catch bugs early, and to prevent crashing implants.
This will speed up your Beacon Object File dev workflow. If you're building custom C2 payloads, it's a must-read. 🔍
📖 outflank.nl/blog/2025/06/30/…
54
174
19,279
Stan Hegt retweeted
18 Jun 2025
Here's our new blog on hiding your implant in VTL1, where even an EDR's kernel sensor can't see it.🧑🦯
Post includes full operational details. Plus our OST offering has been updated with a Cobalt Strike sleep mask exploiting secure enclaves.
Full read ➡️ outflank.nl/blog/2025/06/16/…
3
83
181
15,331
Stan Hegt retweeted
11 Apr 2025
Yes! We're doing the Infosec Kart Cup again! 🏎️🤘
Mark June 19 in your calendars, and reserve your spot now at infoseckartcup.nl! The 2024 edition was sold out.
3
6
2,958
Stan Hegt retweeted
31 Oct 2024
🚀 We're hiring a DevOps/Cloud Engineer at Outflank!
Join us to build and manage complex Azure environments that deliver our OST toolkit.
Skills: Kubernetes (AKS), GitOps, IaC, Tekton, Python💻 It's NOT an offensive role!
Based in NL or a time zone-friendly region? Let's chat!
2
8
13
2,707
Stan Hegt retweeted
17 Oct 2024
Excellent group of red teamers: ✅
Fantastic talks line up: ✅
Awesome badge: ✅
#RedTreat
1
7
61
18,098
Stan Hegt retweeted
15 Oct 2024
New Blog Alert! 🚨
Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process creation, avoids cross-process APCs, and evades top-tier EDRs.
Learn how it combines Early Bird APC Injection & EDR-Preloading: outflank.nl/blog/2024/10/15/…
4
182
427
36,219
13 Aug 2024
Thanks for the good work on part 1 @dez_ @SBousseaden @elastic. Here's our part 2 on #GrimResource. ♥️
13 Aug 2024
Who’s the real #GrimResource? Spoiler: It’s us! 😏
Here's our latest blog on using MSC files for initial access: outflank.nl/blog/2024/08/13/…
Fun fact: @elastic’s post on this technique came from a sample caught by a blue team, originally used by a red team through our OST offering.
9
27
3,745
Stan Hegt retweeted
30 Jul 2024
🔥🔥New goody dropped for Outflank Security Tooling customers: PhisherPrice
PhisherPrice helps with Device Code Flow abuse without sending codes/QRs via email. Easy to setup and host a phishing website, easy to receive auth tokens. Just as you like it.
2
27
88
10,761
Stan Hegt retweeted
3 Jun 2024
It's not *always* about Windows--macOS and Linux #EDRs need attention, too! In our latest blog, @kyleavery explains more about the telemetry sources for these under-discussed #endpoint products>
outflank.nl/blog/2024/06/03/…
1
49
94
27,589
31 May 2024
🏁 InfoSec Kart Cup 2024 is heating up! 🏎️
We already have 30 teams ready to race! Blue team defenders and red team attackers, come challenge your peers in this outdoor karting showdown.
📍 Berghem, NL
📅 June 27
Check our "special" website for details: infoseckartcup.nl
1
5
9
1,802
Stan Hegt retweeted
24 May 2024
Want to see this new initial access tool in action? Register for next week's demo on May 30. We'll show this tool, together with other tools and features of Outflank Security Tooling.
register.gotowebinar.com/reg…
24 May 2024
Initial access to the max!
We just released a new OST tool, using our research and full weaponisation of an obscure file format.
This file format allows shellcode loading with just a double click and is under less MotW scrutiny than most other popular initial access vectors. 💪
2
10
2,428
Stan Hegt retweeted
24 May 2024
Initial access to the max!
We just released a new OST tool, using our research and full weaponisation of an obscure file format.
This file format allows shellcode loading with just a double click and is under less MotW scrutiny than most other popular initial access vectors. 💪
3
23
80
19,249
18 Apr 2024
I will be at @GISECGlobal in Dubai on April 23rd 24th to represent @OutflankNL and our parent company @fortraofficial.
If you want a private demo of our toolkit for red teams Outflank Security Tooling (OST) and Cobalt Strike then drop me a line or visit our booth at Hall 6/C75.
1
5
7
1,391