About BallisKit

We provide products and services to support Red Teams in their offensive security engagements. BallisKit is a French company.

READ MORE

Products

We provide MacroPack Pro, ShellcodePack, DarwinOps to generate and weaponize payloads while helping you bypass defense techniques.

READ MORE

Trainings/Services

We provide advanced trainings and our "Payload as a Service" dedicated to help advanced Offensive security teams

READ MORE

About Balliskit

Ethical hackers and Red Teams often have to spend a lot of time writing payloads to emulate adversaries and threats. These payloads need to bypass security solutions and be maintained to be adapted to various engagements. Those tasks are more difficult now that most security tools implement behavioral analysis and other advanced technology.

BallisKit helps by providing automation and weaponization of payload generation. Our products are also equipped with multiple security solution bypasses and ready to use templates to cover any scenarios the RedTeam may face. BallisKit is an array of tools and services developed to help Red Teams and Pentesters in their mission. Capabilities include, among other, penetration testing, demos and social engineering campaigns (email, USB key, etc.).

BallisKit is a French company founded by Emeric Nasi.

Contact us





Our products for RedTeams
Automation and Expertise

MacroPack Pro

MacroPack Pro is a Swiss-army knife for initial vector generation. It helps Red Teams automate, weaponize and deliver payloads while offering robust defense bypass techniques.

MacroPack Pro supports the latest trend in payload generation such as LNK, URL, ClickOnce, HTML smuggling. It can be used to generate or trojan classic Office formats (Word, Excel, PowerPoint, Publisher, OneNote, Visio, MS Project). If you are looking at Office alternatives, use MacroPack to generate scripts such as HTA, WSF, SCT, VBS, MSI, etc.

MacroPack Pro is compatible with common offensive frameworks and tools such as Sliver, Merlin, Cobalt Strike, Mythic, Empire, among others.

Payloads ByPass
AV static analysis Heuristic analysis Behavioural analysis (AMSI) Attack Surface Reduction (ASR)
Common dropper, default C2 implants
DCommon dropper, default C2 implants by MacroPack Pro

MacroPack Pro is regularly tested against multiple Antivirus and EDRs and come with regular updates as well as email and live support on our Discord customer space.
MacroPack Pro can be used to generate or trojan a diversity of formats and is highly customisable.
MacroPack Pro includes supply chain attack options. It supports generation and trojaning of Malicious MSI. But also malicious Clickonce, HTML Smuggling, malicious shortcuts, help files, or trojaned Visual Studio project.
MacroPack Pro comes with a set of templates and methods to help you generate the right payload for your objective. There are several additional advanced options enabling detection bypass.

Turnkey Templates

  • Command execution
  • Run shellcode from current process (including stageless shellcodes)
  • Inject shellcode in process
  • Download and execute exe, dll, or script
  • Download and load XSL
  • Drop and run embedded exe, dll, or script
  • Target enumeration
  • Empire/PowerShell stager

Supported Payloads

  • Popular: LNK, Clickonce,
  • Scripts: BAT, VBS, HTA, SCT, WSF, XSL
  • Office: Word, Excel, PowerPoint, Publisher, OneNote
  • MS Project & Visio
  • MSI Installers
  • Compiled help files (CHM)
  • Visual Studio Project
  • Misc: URL, INF, IQY, SLK, Excel 4.0 , etc.
  • Containers such as ISO volume, zip, 7zip, etc.
  • HTML smuggling

Security Bypass

  • AV/Edr Bypass tested during real operations
  • VBA, VBS, and command line obfuscation
  • Self decode in memory
  • Run payloads from memory
  • Multiple AMSI bypass
  • Social Engineering tricks
  • Anti sandbox and anti reverse engineering
  • ASR bypass
  • Multiple UAC bypass
  • XLM injection

MacroPack Pro comes with several ready-to-use templates as well as an array of weaponization features including EDR bypass, airgap bypass, sandbox detection, obfuscation, exe/dll embedding, etc.
We cannot list all the options here (there are 14 methods just for command line execution!), but do not hesitate to ask for user documentation or a quick call!

Contact us for more information or have a look at some nice demos

ShellcodePack

ShellcodePack helps offensive security teams to manipulate, generate, and weaponize shellcode and shellcode-based payloads. It also provides social engineering features and defense bypass techniques.

Note: Most of ShellcodePack features like encryption, domain check, bypasses, are encoded directly in assembly code inside the shellcode. Not in the launcher. This means the raw shellcode itself is weaponized, and can be used in a third party loader like MacroPack Pro.

ShellcodePack generates payloads in multiple formats and is compatible with common offensive frameworks/ tools such as Merlin and Sliver, among others. Users feed ShellcodePack a third party shellcode or use one of the ready-to-use templates. ShellcodePack also implements features to help vulnerability research and exploitation such as DLL proxy, service generation, etc.
ShellcodePack is regularly tested successfully to bypass Antivirus and advanced EDR products. ShellcodePack is delivered with ready to use bypass profiles which you can select to bypass a targeted EDR

Checkout the EDR bypass profile demo here.

Some Features:

  • Generate and trojan binary files
  • Turn DLL and .NET assemblies into shellcode
  • Custom code encryption and bypass stub
  • Assembly instructions mutation and obfuscation
  • Various guardrails (ex: Domain verification)
  • Multiple shellcode launcher methods
  • Various social engineering features (file extension spoofing, icon, decoys, etc.)
  • Signature spoofing, manifest spoofing
  • ETW patching, Dll unhooking

Supported file input formats:

  • Raw shellcode format: .bin
  • Portable Executable .exe, .dll
  • .NET assemblies (Can be used to weaponize .NET tools)
  • Nasm format assembly code: .asm
  • C source code launching hex shellcode: .c
  • Python source code launching hex shellcode: .py
  • Text file containing hex shellcode: .txt

Shellcode file generation formats:

  • Raw shellcode format: .bin
  • C source code launching hex shellcode: .c
  • Python source code launching hex shellcode: .py
  • Nasm format assembly code: .asm
  • Portable Executable: .exe
  • Portable Executable (DLL): .dll
  • Portable Executable (Control Panel): .cpl
  • Office Add-ins: .xll, .wll
  • Text file containing hex shellcode: .txt

DarwinOps

DarwinOps help RedTeams targeting Mac OS platforms. DarwinOps is a Mac OS equivalent to MacroPack Pro and also includes post exploitation options.

Here are some features available:

  • Several on shelf initial access scenarios
  • Multiple input/output formats
  • Multiple obfuscation methods and bypass options
  • EDR bypass profiles
  • Privilege escalation and persistence methods
  • Compatible with several C2 such as Sliver and Mythic

Several features are based on private research and are unique to DarwinOps to bring to our customers the same level of experience they have with MacroPack Pro and ShellcodePack As for all our tooling, DarwinOps is available in both command line and GUI mode. Note that DarwinOp can run on both Windows and MacOS however some payload can only be generated on MacOS.

Turnkey Scenarios

  • Command execution
  • Run shellcode from a binary
  • Download and execute payload
  • Download and load JXA
  • Drop and run embedded payload
  • Target enumeration

Supported Payloads

  • Malicious App
  • JavaScript file
  • Shell script
  • Visual Studio Code extension
  • Package File
  • Dynamic Library
  • Mach-O Binary
  • Disk Images, ISO volume, zip, 7zip, etc.
  • HTML smuggling

Security Bypass

  • EDR Bypass Profiles
  • Several Code Obfuscation
  • Run payloads from memory
  • GateKeeper Bypass Tips
  • Social Engineering tricks
  • Anti sandbox and anti reverse engineering
  • Private Evasion Methods
  • Privilege Elevation
  • Persistence Methodes

License Model

Our products are available on annual license basis. There are two kind of licenses single user and Team.

Single User License Prices
MacroPack: 1350€
ShellcodePack: 875€
DarwinOps: 1990€

Team License (5 person)
Contact us

The single-user and the team both include one year support for payload generation and access to our Discord community. You will also receive regular updates including security solutions bypasses and customer suggested new features.

The team license is usually for about 5 people and is much cheaper than the single user license in proportion to the number of users. Some discount is also available for purchase of the three tool bundle (MacroPack, DarwinOps, ShellcodePack).

Contact us for more information.



Trainings
& "Payload as a
Service"

We offer trainings and consulting services for Pentesters and Red Teams. We can help you select the right payload to achieve your goals in your specific context. We also offer support on the development os specific weaponization methods and bypass os specific detection mechanisms. Our work also includes custom payloads, weaponization, and zero-day research (bypass and vulnerability).

 



Blog Posts

Our products and services are based on export security research, part of which are available on Sevagas blog.
Below are 3 of the posts you can find on the blog. Browse the blog if you are interrested into technical details.

 

DLL Hijacking with ShellcodePack

October 2024

Did you know those techniques are (again) a big current trend for Redteam operations? BallisKit ShellcodePack has multiple options to generate DLL payloads. Here is a tutorial on how to perform COM hijacking for persistance using a ShellcodePack generated DLL.

Combine Sliver C2 with BallisKit MacroPack Pro and ShellcodePack

20 Jun 2023

Discover how to drop Sliver implants while evading security solutions using BallisKit MacroPack Pro and ShellcodePack.

RedTeam With OneNote

9 august 2022

OneNote is one of the Office suite components which is often overlooked when RedTeaming. Though OneNote cannot execute VBA Macros, it has an important potential for phishing as an initial vector.





Contact us!

To contact us, please send an email to contact[ at ]balliskit.com.
Inquiries are only accepted from professional email address. Anonymous domains auch as gmail or protonmail are not accepted.
Exchanges can be secured via GPG encrypted emails.

Watch all demo videos Follow us on twitter



BallisKit

© 2020-2025 BALLISKIT VAT FR14921468120 - contact[ at ]balliskit.com
LinkeDin . Twitter . Research Blog . Github

BALLISKIT SAS

SIREN 921468120 / EORI FR92146812000016

494 rue Leon Blum, 34000 Montpellier, France

contact[ at ]balliskit.com
The information contained in this website is for general information purposes only. The information is provided by BALLISKIT and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of BALLISKIT. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, BALLISKIT takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Top photo by Andrey Kremkov on Unsplash