Next august, we'll host our newly designed advanced defensive engineering training at @BlackHatEvents in Las Vegas. Next to detection engineering we'll also cover topics like enrichment, lifecycle management and AI. There are still some spot left! blackhat.com/us-26/training/…

Red teaming && racing, two of my main interests, now together in 1 event! Come and join me on May 27 at Racesquare Utrecht to hear me talk about red team tooling, and to jump in a virtual F1 car for a race. More info on this *free* event: the-s-unit.nl/fortra-event/

New blog by Outflank’s @KyleAvery: Linux process injection leveraging seccomp to inject shared libraries into Linux processes without LD_PRELOAD, ptrace nor elevated privileges. Parent-to-child injection at any ptrace_scope level 💪😎 Tech details here: ow.ly/KwBh50XGvrC

Would you like to be my colleague, and get to wear an awesome red hoodie? We are looking for a full-stack / offensive developer. Drop me a message or apply directly: job-boards.greenhouse.io/for…

4.12 has been a blast to work on, and it’s awesome to see it release! Happy tinkering 😁

Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm

We're at BlackHat USA. At 1.30 PM our Outflank researcher @kyleavery will present his work on how he trained a 7B parameter LLM to defeat Microsoft Defender for Endpoint. An accompanying blog post will go out later today and we'll release the model on Hugging Face. Stay tuned!

The Registry Rundown. Last year Cedric Van Bockhaven & Max Grim showed us how even non-administrators can do some very interesting things with the registry. #Cybersecurity #WindowsRegistry #Infosec Watch here: youtu.be/MxDq552Di3Y?si=eWI8…

Yes! We're doing the Infosec Kart Cup again! 🏎️🤘 Mark June 19 in your calendars, and reserve your spot now at infoseckartcup.nl! The 2024 edition was sold out.

Automatic browser SSO with a PRT on a victim device over an Outflank C2 implant 🥰 using ROADtools and some hackery from @max__grim

Headed to Singapore for BlackHat Asia? Be sure to stop by booth 507 to talk all things #offsec and then join @OutflankNL's @max__grim to learn how Outflank C2 (OC2) can cut through the noise and extract critical insights, enabling smarter operations.#BHASIA @BlackHatEvents

Headed to Singapore for BlackHat Asia? Join Outflank's own @max__grim for a deep dive into Outflank C2 (OC2) and discover how it can cut through the noise and extract critical insights, enabling smarter operations.#BHASIA @BlackHatEvents

Enjoying @1ns0mn1h4ck? Don't miss @c3c's speaking session on using VBS enclaves for handling sensitive data>

Virtual fortresses aren’t as invincible as they seem 🏰⚔️. Read about our latest research on using Secure Enclaves in Windows for offensive ops — plus fresh insights for red teamers. Check out Part 1 of our blog series here: outflank.nl/blog/2025/02/03/…

We worked with @_dirkjan to get this as an exclusive into Outflank Security Tooling with a new tool called ROADtune. ROADtune allows red teamers to: - bypass CAP by faking device compliance registration - loot secrets from applications pushed to compliant devices Cool stuff!

🚀 We're hiring a DevOps/Cloud Engineer at Outflank! Join us to build and manage complex Azure environments that deliver our OST toolkit. Skills: Kubernetes (AKS), GitOps, IaC, Tekton, Python💻 It's NOT an offensive role! Based in NL or a time zone-friendly region? Let's chat!

Pretty proud of this one, took a lot of work. And no, this device does not exist 😎

if you’re going to sector, let me know! i’ll be there this evening through friday

For anyone who's badge I managed to "Pwnz0rz111" today at RedTreat, you can revert back to the "original" FW by booting the badge, and once my spooky purge face shows up, press the middle button (the up button) and then the top button (the select button). The image just overlays a hidden menu option, so you're just selecting "Unpwn Badge" in the background which switches the badge over to OTA0 (original files). Thanks to @max__grim and @c3c for the awesome badges, and to @MDSecLabs and @OutflankNL for the amazing CON!

And thats a wrap of #RedTreat 2024 2 days of hardcore red teaming research and meeting other rt researchers and operators. Mind still 🤯 processing some of the discussions! Thanks to all the attendees and speakers for being present at our little conf! /c @MDSecLabs @OutflankNL