Sébastien @SebHalot

#Balliskit Tip: You need a way to launch your favorite C2 on the target but you don't know how the dropper can evade the EDR? MacroPack Pro and ShellcodePack are compatible with all C2! (free and commercial) And include bypass profiles to help you with that EDR evasion ;)

Demo: Emulate UNC4990 threat actor with MacroPack Pro This video explains: - How MacroPack can be used to quickly emulate threat actors initial access methods - Generate an LNK shellcode launcher (Sliver implant) - Defender Antivirus bypass #redteam youtu.be/tmTb2xqcASs?si…

Just released a new MacroPack version 🥳🥳 For the first time with a GUI! Also includes new bypass methods for LNK payloads, and many more features (DM me or send an email if you want more details) #redteam #BallisKit

New MacroPack Pro release (2.4.1)! With new HTML smuggling support and focus on LNK shortcuts generation and bypass (tested on multiple AV engines). #redteam #macropack Reminder a demo is available here: vimeo.com/746952330

Yes, because what else? #StreetFighter @_leHACK_ #lehack2022

Here is a video about combining #Sliver and #ShellcodePack. Defender bypass included! Courtesy of @MC_Info_Sec vimeo.com/728866443

So I am releasing a new tool to help manipulate and weaponize shellcodes. Its called ShellcodePack. Here is a first demo video. #redteam #shellcode youtu.be/d3_dcEKLJbc

MacroPack Pro 2.1.5 is out! Here is a demo of the persistence feature on an Excel shellcode launcher payload. Notice the AV bypassed on the side. As usual, only non anonymous professional inquiries are accepted. #redteam #balliskit youtu.be/6hwfQWsmoes

I wrote this post about writing a stealth VBA RAT in 2016. blog.sevagas.com/?My-VBA-Bot Part of it went into MacroPack Pro but I did not release a RAT and C&C itself as there are already a lot of tools available. However I wonder if someone could need a pure VBA RAT for redteam?

MacroPack Pro Tip: You can spoof your payload file extension with the --unicode-rtlo option ex: Generate an hta file which appear with png extension in explorer macro_pack.exe -G _samples\hello.hta -t HELLO --unicode-rtlo=png

To improve my VBA direct syscall code, I integrated a modified version of syswhispers1 to #ShellcodePack to be able to generate shellcode calling syscall in both 64process and also wow64 32bit mode. In the pic below I generate NtCreateThread VBA to use with #MacroPack Pro.

MacroPack Pro Tip: Classic compiled help files can be trojaned with option -T. And be used to execute any MacroPack template&macro without any warning or confirmation prompt! See below meterpreter in a malicious DbgView help file. youtu.be/TOZRWUfGwz4

@AXAJobs_fr #DevoxxFR #AXA

#Ndh16

@deniswsrosa I am the owner of this ticket :-)

#AXA #DevoxxFR @AXAJobs_fr

When you realize you can find past privately accessed URLs in Linux swap... #swap_digger

Google : 6 moteurs de recherche alternatifs limportant.fr/infos-tech/7/3… #Tech

Venez nous montrer votre #RT de ce tweet pour repartir avec un beau tee-shirt édition 🔥✌️#ndhXV