We provide products and services to help Red Teams in their offensive security engagements.
We provide MacroPack Pro, an advanced toolkit to weaponize and deliver payloads that bypass defense techniques.
Our "Payload as a Service" offering consists of custom payloads, weaponisation, zero-day research, and advanced services for Red Teams.
BallisKit is an offering of tools and services to help Red Teams and pentesters in their missions. Use cases include penetration testing, demos and social engineering campaigns (email, USB key, etc.). Ethical hackers and Red Teams often have to spend a lot of time writing payloads to emulate adversaries and threats. These payloads need to bypass security solutions and be maintained so they can be adapted to various engagements. Those tasks are more difficult now that most antivirus products implement behavioral analysis and other advanced technologies.
BallisKit can help by automating payload generation, weaponization and security solution bypass, either via powerful generation tools such as MacroPack Pro or via consulting services.
Our products and services are based on security research, part of which is available on the Sevagas blog.
If you want to get deeper into technical details, you can read the following blog posts:
21 Jan 2021
MacroPack Pro provides multiple options and templates related to shellcode launch; these options make it possible to build VBA code which is not detected by most security solutions.
18 Sep 2020
Excel 4.0 macros (also called XLM) have been commonly used by malicious operators in recent years. MacroPack Pro supports generation of the vintage Excel 4.0 macros that are described in this post.
Advanced payload generation and weaponization for Red Teams. BallisKit comes with the Pro edition of MacroPack Community, which includes premium features. It helps Red Teams automate, weaponize and deliver their payloads while offering robust defense bypass techniques.
MacroPack Pro is compatible with common offensive frameworks/tools such as Cobalt Strike, Meterpreter, Empire, and many others.
|Default AV static analysis||Other AV static analysis||Behavioural analysis (AMSI)||Attack Surface Reduction|
|Common dropper, default Meterpreter and Empire stagers|
|Dropper / Meterpreter / Empire by MacroPack Community|
|Dropper / Meterpreter / Empire by MacroPack Pro|
MacroPack Pro supports a variety of formats: MS Office, but also MS Visio, MS Project, and VBScript formats such as VBS or HTA. The special HTA macro feature makes it possible to use advanced payloads in other formats such as shortcuts or help files.
MacroPack Pro comes with a set of templates and methods to help you generate the right payload. There are several advanced options which enable detection bypass.
Since version 2.0, MacroPack Pro also supports Excel 4.0 (XLM) payloads to further expand the range of attacks you can simulate.
MacroPack Pro comes with several ready-to-use templates as well as all sorts of weaponization features including antivirus bypass, airgap bypass, sandbox detection, obfuscation, exe/dll embedding, etc.
Contact us for more information.
Our product prices are based on an annual license. There are two kinds of license, plus additional options.
The Single User License
The Team License (5 people)
The license comes with support for payload generation and access to regular updates including AntiVirus and AMSI bypass.
There is also a Premium Option to get your own undisclosed bypass/injection/etc. methods with custom code not shared with other MacroPack customers.
The price for this option depends on the required code and is open only to customers purchasing at least one Team license.
Contact us for more information.
We offer consulting services for Pentesters and Red Teams. We can help you select the right payload to achieve your goals in your specific context, and can also develop specific weaponization methods or bypass specific detection mechanisms.
Provide a custom macro/script payload for social engineering / post exploitation
Provide a payload tested against designated specific security solutions
Harden an existing PE / DLL / shellcode to bypass protections
Rework C++ / Python sources so they bypass security solutions
To contact us, please send an email to emeric.nasi[ at ]sevagas.com or contact[ at ]balliskit.com.
Inquiries are only accepted from professional email addresses. Do not use gmail or protonmail to contact us.
Exchanges can be secured via GPG encrypted emails.