Petit Sio

@[email protected]
87 Followers
32 Following
30 Posts
CyberSecurity researcher, developer of MacroPack Pro and BallisKit offers. I have a passion for all infosec subjects especially redteam. My tweets are my own.
Infosec Bloghttps://blog.sevagas.com
My LinkedInhttps://www.linkedin.com/in/emeric-nasi-84950528/
Petit SioJul 19, 2023
BallisKitJul 19, 2023
#ShellcodePack tip: Some of the advanced emulator bypass techniques presented by @EmericNasi
at TyphoonCon are implemented in the current version of ShellcodePack.
Petit SioJul 4, 2023
Finally found a way to drop from LNK without Certutil, or any interpreter (or anything from MS recommended block list!) -> Into MacroPack next version you go :)
But first, bypass tests against AV and EDRs ^^
Petit SioJun 21, 2023
BallisKitJun 21, 2023

We just released ShellcodePack 2.4.0!! It includes:
- 2 DLL Unhooking methods
- SCR and PIF gen
- New emulation bypass methods
- Encrypted zip and 7zip containers

Checkout this video:
https://youtu.be/4d-dtrKq6B8

Redteam: Create malicious SCR shellcode launcher with ShellcodePack

YouTube
Petit SioMay 15, 2023

I will be at OffensiveCon
in Berlin end of the week. Send me a message if you want to have a drink/talk :)

See you there!

#infosec

Petit SioApr 26, 2023
BallisKitApr 26, 2023

ShellcodePack 2.3.1 is available 🥳
Main new features are:
- New option to artificially inflate PE file size
- New option to spoof manifest of given PE
- Support of x96 architecture in the GUI
- New option to patch ETW in local process
#redteam

https://vimeo.com/821317473

ShellcodePack 2.3.1 - New Features Presentation

Vimeo
Petit SioMar 14, 2023
A new version of ShellcodePack is available! With new options related to DLL payloads. And as always multiple AV/EDR bypass features :)
#redteam #balliskit
Petit SioFeb 15, 2023
BallisKitFeb 15, 2023
MacroPack Tip: Reproducing adversary methods such as Zip -> vbs -> payload.dll + decoy.pdf (without parent/child process relations) is done with a single command line. You can also use the GUI to build that command line.
#redteam
Petit SioFeb 13, 2023
I am adding generation of Malicious .url files in the next version of MacroPack Pro. I am still researching it, it's a powerful vector with various capabilities.
Also very trendy amongst offensive actors at the moment (like LNK and .One payloads).
#redteaming #offensivesecurity
Petit SioFeb 6, 2023

OneNote payloads have hyped a lot since Lance (@unit221b
) and myself published "RedTeam With OneNote" last summer!
#redteam

https://blog.sevagas.com/?RedTeam-With-OneNote

RedTeam With OneNote - Sevagas

OneNote is one of the Office suite components which is often overlooked when RedTeaming. Though OneNote cannot execute VBA Macros, it has an important potential for phishing as an initial vector.

Petit SioFeb 1, 2023
Just released a new MacroPack version 🥳🥳
For the first time with a GUI! Also includes new bypass methods for LNK payloads, and many more features (DM me or send an email if you want more details)
#redteam #BallisKit