3 Followers
1 Following
17 Posts
BallisKit provides tooling and services to professional Pentesters & Red Teams.
BallisKit develops the pro edition of MacroPack.
Our website: https://www.balliskit.com
Our LinkedIn page: https://www.linkedin.com/company/balliskit/
#ShellcodePack tip: Some of the advanced emulator bypass techniques presented by @EmericNasi at TyphoonCon are implemented in the current version of ShellcodePack.
Finally found a way to drop from LNK without Certutil, or any interpreter (or anything from MS recommended block list!) -> Into MacroPack next version you go :)
But first, bypass tests against AV and EDRs ^^

We just released ShellcodePack 2.4.0!! It includes:
- 2 DLL Unhooking methods
- SCR and PIF gen
- New emulation bypass methods
- Encrypted zip and 7zip containers

Checkout this video:
https://youtu.be/4d-dtrKq6B8

Redteam: Create malicious SCR shellcode launcher with ShellcodePack


ShellcodePack 2.3.1 is available 🥳
Main new features are:
- New option to artificially inflate PE file size
- New option to spoof manifest of given PE
- Support of x96 architecture in the GUI
- New option to patch ETW in local process
#redteam

https://vimeo.com/821317473

ShellcodePack 2.3.1 - New Features Presentation


I will be at OffensiveCon in Berlin at the end of the week. Send me a message if you want to have a drink/talk :)

See you there!

#infosec

A new version of ShellcodePack is available! With new options related to DLL payloads. And as always multiple AV/EDR bypass features :)
#redteam #balliskit
MacroPack Tip: Reproducing adversary methods such as Zip -> vbs -> payload.dll + decoy.pdf (without parent/child process relations) is done with a single command line. You can also use the GUI to build that command line.
#redteam
I am adding generation of Malicious .url files in the next version of MacroPack Pro. I am still researching it, it's a powerful vector with various capabilities.
Also very trendy amongst offensive actors at the moment (like LNK and .One payloads).
#redteaming #offensivesecurity

OneNote payloads have hyped a lot since Lance (@unit221b) and myself published "RedTeam With OneNote" last summer!
#redteam

https://blog.sevagas.com/?RedTeam-With-OneNote

RedTeam With OneNote - Sevagas

OneNote is one of the Office suite components which is often overlooked when RedTeaming. Though OneNote cannot execute VBA Macros, it has an important potential for phishing as an initial vector.