About BallisKit

We provide products and services to help Red Teams in their offensive security engagements


MacroPack Pro

We provide MacroPack Pro, an advanced toolkit to weaponize and deliver payloads that bypass defense techniques.


Services

Our "Payload as a Service" offering consists of custom payloads, weaponisation, zero-day research, and advanced services for Red Teams.


About BallisKit

BallisKit is a set of tools and services that help red teams and pentesters in their missions. Use cases include penetration testing, demos and social engineering campaigns (email, USB key, etc.). Ethical hackers and red teams often have to spend a lot of time writing payloads to emulate adversaries and threats. These payloads need to bypass security solutions and be maintained so they can be adapted to various engagements. Those tasks are more difficult now that most antivirus products implement behavioral analysis and other advanced technology.

BallisKit can help by automating payload generation, weaponization and security solution bypass, either via powerful generation tools such as MacroPack Pro or via consulting services.

Contact us

Blog Posts

Our products and services are based on security research, part of which is available on the Sevagas blog.
If you want to go deeper into the technical details, you can read the following blog posts:

 

Various ways to run shellcodes with MacroPack Pro

21 Jan 2021

MacroPack Pro provides multiple options and templates related to shellcode launch. These options make it possible to build VBA code which is not detected by most security solutions.

EXCEL 4.0 XLM macro in MacroPack Pro

18 Sep 2020

Excel 4.0 macros (also called XLM) have been commonly used by malicious operators in recent years. MacroPack Pro supports generation of those vintage Excel 4.0 macros, which are described in this post.

Advanced MacroPack payloads: XLM Injection

18 Sep 2020

Let's have a look at how to run Excel 4.0 macros (XLM) from Word, PowerPoint, HTA, or even shortcuts and non-VB-based files. We call this technique XLM injection.





Our products for RedTeams
Automation and Expertise

MacroPack Pro

Advanced payload generation and weaponization for red teams. BallisKit comes with the Pro edition of MacroPack Community, which includes premium features. It helps Red Teams automate, weaponize and deliver their payloads while offering robust defense bypass techniques.

MacroPack Pro is compatible with common offensive frameworks/tools such as Cobalt Strike, Meterpreter, Empire, and many others.

Payloads ByPass
Default AV static analysis Other AV static analysis Behavioural analysis (AMSI) Attack Surface Reduction
Common dropper, default Meterpreter and Empire stagers
Dropper / Meterpreter / Empire by MacroPack Community
Dropper / Meterpreter / Empire by MacroPack Pro

MacroPack Pro supports a variety of formats such as MS Office but also MS Visio, Project, and VBScript formats such as VBS or HTA. The special HTA macro feature makes it possible to leverage advanced payloads on other formats such as shortcuts or help files. MacroPack Pro comes with a set of templates and methods to help you generate the right payload. There are several advanced options which enable detection bypass.
Since version 2.0, MacroPack Pro also supports Excel 4.0 (XLM) payloads to expand even further the range of attacks you can simulate.

Built-in Templates

  • Command execution
  • Download and execute
  • Download and run PowerShell
  • Download and load DLL
  • Download and load XSL
  • Meterpreter
  • Drop and run embedded files
  • Drop and run embedded DLL
  • Empire stager
  • Shellcode Injection (including large stageless shellcodes)

Supported payloads

  • Microsoft Office (Word, Excel, PowerPoint)
  • MS Project
  • MS Visio
  • MS Access
  • VB script files: VBS, HTA, SCT, WSF, XSL
  • Shortcuts: LNK, SLK, SCF, etc
  • Compiled help files (CHM)
  • Visual Studio Project
  • Misc: INF, IQY, etc.

Execution Methods

  • WMI
  • Wscript
  • Various COM objects
  • Excel4 macro
  • Rogue COM object
  • Task Scheduler
  • Combo
  • InvokeVerb
  • CreateProcess
  • Run PE

Security Bypass

  • AV Bypass
  • VB and Command line Obfuscation
  • Self decode in memory
  • Run in Excel memory
  • Multiple AMSI bypass
  • Social Engineering tricks
  • Anti sandbox
  • Run exe in Memory
  • ASR bypass
  • Multiple UAC bypass
  • XLM Injection

MacroPack Pro comes with several ready-to-use templates as well as all sorts of weaponization features including antivirus bypass, airgap bypass, sandbox detection, obfuscation, exe/dll embedding, etc.

Contact us for more information.

License Model

Our product prices are based on an annual license. There are two kinds of license, plus additional options.

The Single User License

The Team License (5 people)

Premium option

The license comes with support for payload generation and access to regular updates including AntiVirus and AMSI bypass.

There is also a Premium Option to get your own undisclosed bypass/injection/etc. methods with custom code not shared with other MacroPack customers.

The price for this option depends on the required code and is open only to customers purchasing at least one Team license.

Contact us for more information.





Professional Services & "Payload as a Service"

We offer consulting services for Pentesters and Red Teams. We can help you to select the right payload to achieve your goals in your specific context but also develop specific weaponization methods or bypass specific detection mechanisms.

 

Provide a custom macro/script payload for social engineering / post exploitation

Provide a payload tested against designated specific security solutions

Harden an existing PE / DLL / shellcode to bypass protections

Rework C++ / Python sources so they bypass security solutions





Let's keep in touch!

To contact us, please send an email to emeric.nasi[ at ]sevagas.com or contact[ at ]balliskit.com.
Inquiries are only accepted from professional email addresses. Do not use gmail or protonmail to contact us.
Exchanges can be secured via GPG encrypted emails.