The Offensive Software Stack for Modern Red Teams

MacroPack, ShellcodePack, and DarwinOps give red teams the capabilities to run faster, hit harder, and meet the technical evasion requirements for mature networks.

Used by TIBER-EU red teams and intelligence-led red team providers across Europe, North America, and APAC.

Three Tools. One Offensive Stack.

Modular tooling for Windows initial access, payload weaponization, and full macOS engagements. Buy the tools your engagement scope demands.

Windows

MacroPack

€1,350 / year per user

MacroPack covers the entire initial access and assume breach payload pipeline for Windows environments. State-of-the-art attack methods integrated with evasion tricks against EDRs, AppLocker, and SmartScreen.

  • Ready to use scenarios (shellcode loader, dropper, stager, enumeration, etc)
  • 29+ output formats (incl. ClickOnce, LNK, scripts, supply chain attacks, ...)
  • Advanced obfuscator for .NET, VBA, scripts, etc.
  • Highly customizable
  • EDR Evasion profiles
Windows

ShellcodePack

€875 / year per user

ShellcodePack turns shellcode and PE files (including Go, Rust, and .NET) into deployment-ready payloads with built-in evasion against both static and runtime detections, and native integration with every major C2.

  • Static and runtime Evasion
  • Compatible with open source and commercial C2 implants
  • 11+ output formats (incl. exe, xll, .NET, Python, etc.)
  • Advanced use cases (e.g. DLL proxying, AppDomain injection)
macOS

DarwinOps

€1,490 / year per user

Enables red team engagements on macOS with a wide range of initial access formats, highly customizable payloads, evasion mechanisms (Apple and EDR), implant weaponization, and pentest templates.

  • 14 Initial Access formats (APP, PKG, DMG, MACHO...)
  • Ready to use DMG phishing profile
  • JXA (osascript) Evasion
  • Advanced Dylib Persistence (Scanning and Hijacking)
  • Per-target EDR bypass profiles

Built for the Demands of TIBER-EU Engagements

TIBER-EU requires threat intelligence-led attack scenarios against live production systems. That means precise initial access vectors, controlled weaponization, and multi-platform coverage - executed within fixed time windows.

BallisKit maps directly to every stage TIBER demands: MacroPack Pro handles Windows initial access, ShellcodePack handles weaponization, DarwinOps handles macOS environments.

BallisKit tools mapped to TIBER-EU engagement phases

TIBER Phase                   | BallisKit Tool
Initial Access (Windows)      | MacroPack + ShellcodePack
Weaponization                 | ShellcodePack + MacroPack
Initial Access (macOS)        | DarwinOps
Privilege Escalation (macOS)  | DarwinOps
Persistence                   | MacroPack + DarwinOps
C2 Integration                | All tools

Why Red Teams Choose BallisKit

Offensive Power Across the Full Chain

From initial access vector generation through third-party tooling weaponization to macOS persistence, three tools cover the complete offensive chain. Buy what your engagement scope demands.

Evasion That Holds Against Modern EDR

AMSI bypass, ETW patching, indirect syscalls, callstack spoofing, and per-target EDR bypass profiles. Specific techniques for specific products - updated as detection logic changes.

Purpose-Built for TIBER-EU Requirements

TIBER-EU mandates threat intelligence-led attacks against live production. BallisKit handles payload preparation so your team executes scenarios at the depth the framework demands.

Trusted by Red Teams Across The World

Creating payloads to bypass EDRs requires precision. What once took days - or weeks - now takes minutes.

Co-founder

Hacket Cyber

BallisKit's products have consistently allowed our payloads to bypass modern defenses.

Senior Red Team Operator

America First Credit Union

DarwinOps fills a real gap. Enterprise environments have Macs; our assessments needed to cover them properly. Now they do.

Red Team Lead

SopraSteria

The bypass profile system is what sets it apart. We stopped wasting engagement time on payload iteration and started spending it on scenario execution.

Senior Red Team Operator

FalconOps

ShellcodePack brought consistency to our shellcode weaponization process. Every operator on the team produces the same quality output regardless of experience level.

Red Team Lead

Packetlabs

Having ATT&CK technique coverage mapped for each output format made our TIBER scenario documentation significantly faster to produce.

Offensive Security Consultant

Alphasolid

We have been using BallisKit tools for over a year in our penetration tests and red team assessments (even in assumed breach scenarios). The tool enables us to meet our clients’ needs in terms of personalization and contextualization of the desired attack. It has also helped us reduce our R&D time and focus more on the engagement itself. The support team has also been very responsive.

Red Team Operator

Algosecure

BallisKit's tools provide us with payload delivery capabilities that bypass EDRs and deliver us into the heart of the action in red team engagements with our clients. It is a dependable, reliable, and great solution that is well supported and delivers excellent value for us and our clients on engagements.

Head of Red Team

Prism Infosec

Start Your Next Engagement Better Equipped

Annual licenses. Volume discounts for teams. Bundle pricing when you need all three.

Professional email required. Response within 24 hours.