About BallisKit

We provide products and services to support Red Teams in their offensive security engagements. BallisKit is a French company.

Products

We provide MacroPack Pro and ShellcodePack to generate and weaponize payloads while helping you bypass defense techniques.

Trainings/Services

We provide advanced trainings and our "Payload as a Service" offering, dedicated to helping advanced offensive security teams.

About BallisKit

BallisKit is an array of tools and services developed to help Red Teams and pentesters in their missions. Capabilities include, among others, penetration testing, demos and social engineering campaigns (email, USB key, etc.). Ethical hackers and Red Teams often have to spend a lot of time writing payloads to emulate adversaries and threats. These payloads need to bypass security solutions and must be maintained so that they can be adapted to each engagement. Those tasks have become harder now that most security tools implement behavioral analysis and other advanced detection technologies.

BallisKit helps by automating and weaponizing payload generation. Our products also ship with multiple security solution bypasses and ready-to-use templates covering the scenarios a Red Team may face.

Our products for RedTeams
Automation and Expertise

MacroPack Pro

MacroPack Pro is a Swiss-army knife for initial vector generation. It helps Red Teams automate, weaponize and deliver payloads while offering robust defense bypass techniques.

MacroPack Pro supports the latest trends in payload generation such as LNK, URL, ClickOnce and HTML smuggling. It can be used to generate or trojan classic Office formats (Word, Excel, PowerPoint, Publisher, OneNote, Visio, MS Project). If you are looking for Office alternatives, use MacroPack to generate scripts such as HTA, WSF, SCT, VBS, MSI, etc.

MacroPack Pro is compatible with common offensive frameworks and tools such as Sliver, Cobalt Strike, Mythic, Empire, among others.

Payload bypass matrix (per-row results not reproduced here)

Columns: Default AV static analysis | Other AV static analysis | Behavioural analysis (AMSI) | Attack Surface Reduction (ASR)

Rows:
  • Common dropper, default Meterpreter and Empire stagers
  • Dropper, Meterpreter and Empire by MacroPack Community
  • Dropper, Meterpreter and Empire by MacroPack Pro

MacroPack Pro is regularly tested against multiple antivirus and EDR products and comes with regular updates as well as email and live support on our Slack customer space.
MacroPack Pro can be used to generate or trojan a variety of formats and is highly customisable.
MacroPack Pro includes supply chain attack options: generation and trojaning of malicious MSI installers, as well as malicious ClickOnce applications, HTML smuggling pages, malicious shortcuts, help files and trojaned Visual Studio projects.
MacroPack Pro comes with a set of templates and methods to help you generate the right payload for your objective, plus several advanced options enabling detection bypass.

Turnkey Templates

  • Command execution
  • Run shellcode from current process (including stageless shellcodes)
  • Inject shellcode in process
  • Download and execute exe, dll, or script
  • Download and load XSL
  • Drop and run embedded exe, dll, or script
  • Target enumeration
  • Empire/PowerShell stager

Supported Payloads

  • Microsoft Office (Word, Excel, PowerPoint, Publisher, OneNote)
  • MS Project & Visio
  • VB script files: VBS, HTA, SCT, WSF, XSL
  • Shortcuts: LNK, SLK, SCF, etc
  • MSI Installers
  • Compiled help files (CHM)
  • Visual Studio Project
  • Misc: URL, INF, IQY, ClickOnce, etc.
  • Excel 4.0 XLM.
  • Containers such as ISO volume, zip, 7zip, etc.
  • HTML smuggling

Security Bypass

  • AV/EDR bypass tested during real operations
  • VBA, VBS, and command line obfuscation
  • Self decode in memory
  • Run payloads from memory
  • Multiple AMSI bypass
  • Social Engineering tricks
  • Anti-sandbox and anti-reverse-engineering
  • Various MOTW workarounds
  • ASR bypass
  • Multiple UAC bypass
  • XLM injection

MacroPack Pro comes with several ready-to-use templates as well as an array of weaponization features including antivirus bypass, airgap bypass, sandbox detection, obfuscation, exe/dll embedding, etc.
We cannot list all the options here (there are 14 methods just for command line execution!), but do not hesitate to ask for user documentation or a quick call!

Contact us for more information or have a look at some nice demos

ShellcodePack

ShellcodePack helps offensive security teams manipulate, generate and weaponize shellcode and shellcode-based payloads. It also provides social engineering features and defense bypass techniques.

Note: most ShellcodePack features (encryption, domain check, bypasses) are implemented in assembly inside the shellcode itself, not in the launcher. The raw shellcode is therefore weaponized on its own and can be used with a third-party loader such as MacroPack Pro.

ShellcodePack generates payloads in multiple formats and is compatible with common offensive frameworks and tools such as Cobalt Strike and Meterpreter, among others. Users feed ShellcodePack a third-party shellcode or use one of the ready-to-use templates. ShellcodePack also implements features that help vulnerability research and exploitation, such as DLL proxy generation, service generation, etc.
ShellcodePack is regularly tested against antivirus and advanced EDR products to confirm that its payloads still bypass them.

Contact us for more information or have a look at some nice demos

Some Features:

  • Generate and trojan binary files
  • Turn DLL and .NET assemblies into shellcode
  • Custom code encryption and bypass stub
  • Assembly instructions mutation and obfuscation
  • Domain verification
  • Multiple shellcode launcher methods
  • Various social engineering features (file extension spoofing, icon, decoy message, etc.)
  • Signature spoofing, manifest spoofing
  • ETW patch, DLL unhooking

Supported file input formats:

  • Raw shellcode format: .bin
  • Nasm format assembly code: .asm
  • Portable Executable (including .NET assembly): .exe
  • Portable Executable (DLL, including .NET assembly): .dll
  • C source code launching hex shellcode: .c
  • Python source code launching hex shellcode: .py
  • Text file containing hex shellcode: .txt

Shellcode file generation formats:

  • Raw shellcode format: .bin
  • C source code launching hex shellcode: .c
  • Python source code launching hex shellcode: .py
  • Nasm format assembly code: .asm
  • Portable Executable: .exe
  • Portable Executable (DLL): .dll
  • Portable Executable (Control Panel): .cpl
  • Office Add-ins: .xll, .wll
  • VBA: .vba
  • Text file containing hex shellcode: .txt
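The two lists above name the same handful of interchange formats for input and output. As an added illustration (this is not ShellcodePack's code, and the page does not show its file layouts), the converter below reads the textual formats (.txt hex in its common spellings, and .c / .py launcher sources that embed the shellcode as `"\xNN..."` string literals in the msfvenom-style layout, which is an assumption) into raw bytes, writes .bin / .c / .py / .txt, and fingerprints the bytes so a round trip can be checked. The sample C source is constructed and inert; .asm input needs an assembler and is deliberately not handled.

```python
"""Shellcode interchange-format converter (added example, not ShellcodePack code).

Reads .bin, .txt hex, and .c/.py sources embedding hex-escaped shellcode;
writes .bin/.c/.py/.txt. Samples below are constructed and not executable.
"""
import hashlib
import re
from pathlib import Path

# \xNN escapes inside a C or Python string literal (msfvenom-style layout; assumed).
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
# Double- or single-quoted literals on one line; comments fall outside them.
STRING_LITERAL = re.compile(r'"(?:[^"\\\n]|\\.)*"|\'(?:[^\'\\\n]|\\.)*\'')


def parse_hex_text(text: str) -> bytes:
    """Parse .txt hex written as 'fc48', 'fc 48', '0xfc,0x48' or '\\xfc\\x48'."""
    cleaned = re.sub(r"0x|\\x", "", text)
    cleaned = re.sub(r"[^0-9a-fA-F]", "", cleaned)
    if not cleaned or len(cleaned) % 2:
        raise ValueError("hex text is empty or has an odd digit count")
    return bytes.fromhex(cleaned)


def parse_source(text: str) -> bytes:
    """Extract shellcode from a .c or .py launcher: every \\xNN escape found
    inside a string literal, concatenated in file order (comments ignored)."""
    digits = []
    for literal in STRING_LITERAL.findall(text):
        digits.extend(HEX_ESCAPE.findall(literal))
    if not digits:
        raise ValueError("no \\xNN escapes found in any string literal")
    return bytes.fromhex("".join(digits))


def load_shellcode(data: bytes, suffix: str) -> bytes:
    """Dispatch on the file extension from the input-format list."""
    suffix = suffix.lower()
    if suffix == ".bin":
        return data
    if suffix == ".txt":
        return parse_hex_text(data.decode("ascii", errors="ignore"))
    if suffix in (".c", ".py"):
        return parse_source(data.decode("utf-8", errors="replace"))
    raise ValueError(f"unsupported input format: {suffix}")


def load_file(path) -> bytes:
    p = Path(path)
    return load_shellcode(p.read_bytes(), p.suffix)


def to_hex_text(buf: bytes) -> str:
    return " ".join(f"{b:02x}" for b in buf)


def _escaped_lines(buf: bytes, width: int = 16):
    for i in range(0, len(buf), width):
        yield "".join(f"\\x{b:02x}" for b in buf[i:i + width])


def to_c(buf: bytes, name: str = "buf") -> str:
    """C array in the msfvenom 'c' layout: adjacent string literals, 16 bytes per line."""
    body = "\n".join(f'"{line}"' for line in _escaped_lines(buf))
    return f"unsigned char {name}[] =\n{body};\nunsigned int {name}_len = {len(buf)};\n"


def to_python(buf: bytes, name: str = "buf") -> str:
    """Python bytes built up with += (msfvenom 'python' layout)."""
    lines = [f'{name} = b""'] + [f'{name} += b"{line}"' for line in _escaped_lines(buf)]
    return "\n".join(lines) + "\n"


def convert(data: bytes, in_suffix: str, out_suffix: str) -> bytes:
    """Full conversion: bytes of an input file -> bytes of the output file."""
    buf = load_shellcode(data, in_suffix)
    writers = {".bin": lambda b: b, ".txt": lambda b: to_hex_text(b).encode(),
               ".c": lambda b: to_c(b).encode(), ".py": lambda b: to_python(b).encode()}
    if out_suffix.lower() not in writers:
        raise ValueError(f"unsupported output format: {out_suffix}")
    return writers[out_suffix.lower()](buf)


def fingerprint(buf: bytes) -> str:
    """SHA-256 of the raw bytes; compare before and after a conversion."""
    return hashlib.sha256(buf).hexdigest()


# Constructed, inert sample in the .c layout (not a real payload). The \xff
# in the comment must be ignored because it sits outside any string literal.
C_SAMPLE = r'''// constructed sample; \xff here is not part of the shellcode
unsigned char buf[] =
"\x01\x02\x03"
"\x04\x05";
unsigned int buf_len = 5;
'''

if __name__ == "__main__":
    sc = parse_source(C_SAMPLE)
    assert parse_source(to_c(sc)) == sc and parse_source(to_python(sc)) == sc
    print(fingerprint(sc), to_hex_text(sc))
```

Compare `fingerprint()` of the bytes before and after a conversion: if the digest changes, the converter (or the source file's layout) altered the payload, which is worth knowing before a loader ever sees it.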

License Model

Our products are available on an annual license basis. There are two kinds of license and several additional options.

Single User License

Team License (up to 5 people)

Premium options

Both the single-user and the team license include one year of support for payload generation and access to our Slack community. You will also receive regular updates, including new security solution bypasses and customer-suggested features.

The Premium Option allows you to get your own undisclosed bypass/injection method with custom code (not shared with other customers). The price for this option depends on the required code and is open only to customers purchasing at least one Team license.

Contact us for more information.



Trainings & "Payload as a Service"

We offer trainings and consulting services for pentesters and Red Teams. We can help you select the right payload to achieve your goals in your specific context. We also offer support on the development of specific weaponization methods and the bypass of specific detection mechanisms. Our work also includes custom payloads, weaponization, and zero-day research (bypass and vulnerability).

Examples of services:

  • Provide a custom macro/script payload for social engineering or post-exploitation
  • Provide a payload tested against designated security solutions
  • Harden an existing PE, DLL or shellcode to bypass protections
  • Rework C++ or Python sources to bypass security solutions



Blog Posts

Our products and services are based on expert security research, part of which is published on the Sevagas blog.
Below are 3 of the posts you can find there. Browse the blog if you are interested in the technical details.

 

Combine Sliver C2 with BallisKit MacroPack Pro and ShellcodePack

20 Jun 2023

Discover how to drop Sliver implants while evading security solutions using BallisKit MacroPack Pro and ShellcodePack.

RedTeam With OneNote

9 August 2022

OneNote is one of the Office suite components that is often overlooked when Red Teaming. Although OneNote cannot execute VBA macros, it has significant potential as a phishing initial vector.

RedTeam With Publisher

28 April 2022

Microsoft Publisher is another tool of the Office suite which is often ignored when RedTeaming. However, it has been successfully used in several malware campaigns. Let’s review the pros and cons of using a Publisher document as an initial RedTeam payload.





Contact us!

To contact us, please send an email to emeric[ at ]balliskit.com.
Inquiries are only accepted from professional email addresses. Anonymous domains such as gmail or protonmail are not accepted.
Exchanges can be secured via GPG-encrypted emails.