Outflank Security Tooling (OST) is a collection of offensive security tools developed by Outflank (now part of Fortra) for use by red teams, adversary simulation teams, and advanced penetration testers. OST bundles internally developed tools that are not publicly available, targeting techniques used by APT groups and organized crime. The toolkit is designed to bypass defensive measures such as antivirus and EDR products, and to support OPSEC-safe operations throughout the full attack kill chain. The toolkit includes the following components: - **Payload Generator**: Creates advanced payloads with OPSEC and anti-forensic features for AV/EDR evasion. - **Office Intrusion Pack**: Provides offensive macros for phishing via MS Office documents to establish initial access. - **Stego Loader**: Conceals payloads inside images using steganography techniques. - **Lateral Pack**: Enables lateral movement while evading EDR products using unpublished techniques. - **Outflank C2 (formerly Stage 1)**: A pre-C2 toolkit for OPSEC-safe reconnaissance and smuggling full C2 frameworks past defenses. - **HiddenDesktop**: Allows hidden interaction with a target's desktop without the user's awareness, useful for post-exploitation. OST integrates with Cobalt Strike via BOFs and reflective DLL loading, and is also available as part of bundled suite offerings that include Cobalt Strike and Core Impact. The toolkit is continuously updated and includes documentation to support operator use.