BallisKit
@balliskit.bsky.social
BallisKit provides tooling and services to professional Pentesters & Red Teams.
We develop MacroPack Pro and ShellcodePack.
www.balliskit.com
We develop MacroPack Pro and ShellcodePack.
www.balliskit.com
MacroPack v2.8.7 is out!
New GUI & updated EDR evasion! New features include Advanced LNK spoofing, expanded .NET obfuscation, and ML-evasion.
For authorized red-team use!
#RedTeam #offensivesecurity
New GUI & updated EDR evasion! New features include Advanced LNK spoofing, expanded .NET obfuscation, and ML-evasion.
For authorized red-team use!
#RedTeam #offensivesecurity
October 14, 2025 at 4:10 PM
MacroPack v2.8.7 is out!
New GUI & updated EDR evasion! New features include Advanced LNK spoofing, expanded .NET obfuscation, and ML-evasion.
For authorized red-team use!
#RedTeam #offensivesecurity
New GUI & updated EDR evasion! New features include Advanced LNK spoofing, expanded .NET obfuscation, and ML-evasion.
For authorized red-team use!
#RedTeam #offensivesecurity
Reposted by BallisKit
The next version of MacroPack is going to be huge! A new GUI, updated EDR bypass profiles, new evasion options, and many other things :)
#redteam
#redteam
September 24, 2025 at 3:52 PM
The next version of MacroPack is going to be huge! A new GUI, updated EDR bypass profiles, new evasion options, and many other things :)
#redteam
#redteam
Reposted by BallisKit
Binary injection vulnerabilities can be found in many MacOS apps. Those may be abused to bypass EDR, hide backdoor, access memory, or bypass TCC!
DarwinOps provides
- An advanced injection vulnerability scanner
- A redteam scenario to exploit them
#redteam
blog.balliskit.com/macos-dylib-...
DarwinOps provides
- An advanced injection vulnerability scanner
- A redteam scenario to exploit them
#redteam
blog.balliskit.com/macos-dylib-...
macOS DYLIB Injection at Scale: Designing a Self-Sufficient Loader
Let’s explore Dylib injection and Dylib proxying on macOS (the equivalent of Windows DLL injection)
blog.balliskit.com
September 17, 2025 at 4:25 PM
Binary injection vulnerabilities can be found in many MacOS apps. Those may be abused to bypass EDR, hide backdoor, access memory, or bypass TCC!
DarwinOps provides
- An advanced injection vulnerability scanner
- A redteam scenario to exploit them
#redteam
blog.balliskit.com/macos-dylib-...
DarwinOps provides
- An advanced injection vulnerability scanner
- A redteam scenario to exploit them
#redteam
blog.balliskit.com/macos-dylib-...
ShellcodePack 2.7.5 is now available!
It includes updated bypass profiles for major EDRs
We also improved:
- ML detection evasion
- ETW Patch
- CallStack Spoofing
ShellcodePack can be used to weaponize any raw shellcode or PE including DotNET, Go, and Rust :)
#redteam
It includes updated bypass profiles for major EDRs
We also improved:
- ML detection evasion
- ETW Patch
- CallStack Spoofing
ShellcodePack can be used to weaponize any raw shellcode or PE including DotNET, Go, and Rust :)
#redteam
September 8, 2025 at 4:16 PM
ShellcodePack 2.7.5 is now available!
It includes updated bypass profiles for major EDRs
We also improved:
- ML detection evasion
- ETW Patch
- CallStack Spoofing
ShellcodePack can be used to weaponize any raw shellcode or PE including DotNET, Go, and Rust :)
#redteam
It includes updated bypass profiles for major EDRs
We also improved:
- ML detection evasion
- ETW Patch
- CallStack Spoofing
ShellcodePack can be used to weaponize any raw shellcode or PE including DotNET, Go, and Rust :)
#redteam
Initial Access on MacOS made easy !
DarwinOps now supports DMG phishing profiles!
Those are on shelf realistic templates with Gatekeeper bypass techniques :)
This version also introduce a binary injection vulnerability scanner for MacOS!
#redteam
DarwinOps now supports DMG phishing profiles!
Those are on shelf realistic templates with Gatekeeper bypass techniques :)
This version also introduce a binary injection vulnerability scanner for MacOS!
#redteam
August 14, 2025 at 3:55 PM
Initial Access on MacOS made easy !
DarwinOps now supports DMG phishing profiles!
Those are on shelf realistic templates with Gatekeeper bypass techniques :)
This version also introduce a binary injection vulnerability scanner for MacOS!
#redteam
DarwinOps now supports DMG phishing profiles!
Those are on shelf realistic templates with Gatekeeper bypass techniques :)
This version also introduce a binary injection vulnerability scanner for MacOS!
#redteam
MacOS DMG phishing templates are coming in the next DarwinOps release!
Ready to use, configurable, and with new GateKeeper bypass strategies!
#redteam
Ready to use, configurable, and with new GateKeeper bypass strategies!
#redteam
August 1, 2025 at 2:55 PM
MacOS DMG phishing templates are coming in the next DarwinOps release!
Ready to use, configurable, and with new GateKeeper bypass strategies!
#redteam
Ready to use, configurable, and with new GateKeeper bypass strategies!
#redteam
Reposted by BallisKit
We are adding a binary injection vulnerability scanner to DarwinOps!
-> A DarwinOps JXA template
-> Scan for Injection vulnerabilities in binaries and Apps
Vulnerable binaries could be abused to bypass EDR, hide a backdoor, access memory, or bypass TCC!
#redteam
-> A DarwinOps JXA template
-> Scan for Injection vulnerabilities in binaries and Apps
Vulnerable binaries could be abused to bypass EDR, hide a backdoor, access memory, or bypass TCC!
#redteam
July 22, 2025 at 3:24 PM
We are adding a binary injection vulnerability scanner to DarwinOps!
-> A DarwinOps JXA template
-> Scan for Injection vulnerabilities in binaries and Apps
Vulnerable binaries could be abused to bypass EDR, hide a backdoor, access memory, or bypass TCC!
#redteam
-> A DarwinOps JXA template
-> Scan for Injection vulnerabilities in binaries and Apps
Vulnerable binaries could be abused to bypass EDR, hide a backdoor, access memory, or bypass TCC!
#redteam
Here is a reminder that a Powerful DotNET obfuscator is available in MacroPack. Assembly level obfuscation (or course). With the latest 2.7.5 it supports all your favorite #redteam DotNET tools!
And tested on major EDRs :)
blog.balliskit.com/obfuscation-...
And tested on major EDRs :)
blog.balliskit.com/obfuscation-...
Obfuscation and weaponization of .NET assemblies using MacroPack
For a couple of years now, .NET have been the go to language for a lot of famous offensive security tools like Rubeus, SeatBelt…
blog.balliskit.com
June 25, 2025 at 4:20 PM
Here is a reminder that a Powerful DotNET obfuscator is available in MacroPack. Assembly level obfuscation (or course). With the latest 2.7.5 it supports all your favorite #redteam DotNET tools!
And tested on major EDRs :)
blog.balliskit.com/obfuscation-...
And tested on major EDRs :)
blog.balliskit.com/obfuscation-...
Reposted by BallisKit
MacOS security is very different from Windows.
DarwinOps, our redteam tool targeting MacOS can help you tackle that issue!
@antoineds.bsky.social just posted on our blog to help you understand the basics of initial access on MacOS with DarwinOps
#redteam
DarwinOps, our redteam tool targeting MacOS can help you tackle that issue!
@antoineds.bsky.social just posted on our blog to help you understand the basics of initial access on MacOS with DarwinOps
#redteam
June 23, 2025 at 4:39 PM
MacOS security is very different from Windows.
DarwinOps, our redteam tool targeting MacOS can help you tackle that issue!
@antoineds.bsky.social just posted on our blog to help you understand the basics of initial access on MacOS with DarwinOps
#redteam
DarwinOps, our redteam tool targeting MacOS can help you tackle that issue!
@antoineds.bsky.social just posted on our blog to help you understand the basics of initial access on MacOS with DarwinOps
#redteam
Reposted by BallisKit
New tuto! Weaponize Mythic Apollo using MacroPack and ShellcodePack. Tested on EDRs of course.
blog.balliskit.com/tutorial-myt...
#redteam
blog.balliskit.com/tutorial-myt...
#redteam
Tutorial: Mythic Apollo with BallisKit MacroPack and ShellcodePack
Learn how to weaponize Mythic Apollo with BallisKit redteaming tools
blog.balliskit.com
June 6, 2025 at 3:13 PM
New tuto! Weaponize Mythic Apollo using MacroPack and ShellcodePack. Tested on EDRs of course.
blog.balliskit.com/tutorial-myt...
#redteam
blog.balliskit.com/tutorial-myt...
#redteam
A new version of MacroPack Pro with improved DotNET obfuscator, new shellcode launcher, improved clickonce, and more will be released soon! Also, after Sliver, we a preparing tutorials with Mythic Apollo and Havoc 😎
#redteam
#redteam
May 27, 2025 at 3:08 PM
A new version of MacroPack Pro with improved DotNET obfuscator, new shellcode launcher, improved clickonce, and more will be released soon! Also, after Sliver, we a preparing tutorials with Mythic Apollo and Havoc 😎
#redteam
#redteam
Rubeus and Mythic Apollo DotNET Payload Obfuscation with MacroPack!
This video demonstrates the next MacroPack Pro features:
- DotNET obfuscation and evasion
- EDR Bypass ready to use profiles
- Compatibility with Mythic Apollo stager
#redteam
youtu.be/mzuT1MAQSXY
This video demonstrates the next MacroPack Pro features:
- DotNET obfuscation and evasion
- EDR Bypass ready to use profiles
- Compatibility with Mythic Apollo stager
#redteam
youtu.be/mzuT1MAQSXY
Rubeus and Mythic Apollo DotNET Payload Obfuscation with MacroPack
YouTube video by Sevagas
youtu.be
May 21, 2025 at 3:52 PM
Rubeus and Mythic Apollo DotNET Payload Obfuscation with MacroPack!
This video demonstrates the next MacroPack Pro features:
- DotNET obfuscation and evasion
- EDR Bypass ready to use profiles
- Compatibility with Mythic Apollo stager
#redteam
youtu.be/mzuT1MAQSXY
This video demonstrates the next MacroPack Pro features:
- DotNET obfuscation and evasion
- EDR Bypass ready to use profiles
- Compatibility with Mythic Apollo stager
#redteam
youtu.be/mzuT1MAQSXY
Reposted by BallisKit
How to weaponize Sliver C2 and evade EDRs?
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
Tutorial: Sliver C2 with BallisKit MacroPack and ShellcodePack
In this tutorial, we are going to see how to drop Sliver implants while evading security solutions using BallisKit tooling for Redteam.
blog.balliskit.com
May 6, 2025 at 3:57 PM
How to weaponize Sliver C2 and evade EDRs?
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
Reposted by BallisKit
DLL injection and DLL proxying on macOS? Yes it is possible! Checkout this blog by @antoineds.bsky.social
about macOS automated DYLIB injection!
blog.balliskit.com/macos-dylib-...
#redteam
about macOS automated DYLIB injection!
blog.balliskit.com/macos-dylib-...
#redteam
macOS DYLIB Injection at Scale: Designing a Self-Sufficient Loader
Let’s explore Dylib injection and Dylib proxying on macOS (the equivalent of Windows DLL injection)
blog.balliskit.com
May 16, 2025 at 12:45 PM
DLL injection and DLL proxying on macOS? Yes it is possible! Checkout this blog by @antoineds.bsky.social
about macOS automated DYLIB injection!
blog.balliskit.com/macos-dylib-...
#redteam
about macOS automated DYLIB injection!
blog.balliskit.com/macos-dylib-...
#redteam
How to weaponize Sliver C2 and evade EDRs?
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
Tutorial: Sliver C2 with BallisKit MacroPack and ShellcodePack
In this tutorial, we are going to see how to drop Sliver implants while evading security solutions using BallisKit tooling for Redteam.
blog.balliskit.com
May 6, 2025 at 3:57 PM
How to weaponize Sliver C2 and evade EDRs?
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
With BallisKit ShellcodePack and MacroPack of course!
Checkout this new tutorial on our blog!
#redteam
blog.balliskit.com/tutorial-sli...
Bypassing EDRs on MacOS can be a challenge.
In our new blog post, @antoineds.bsky.social describes how EDRs leverage MacOS Network Extension to detect C2s and how to bypass this kind of detection using Mythic Apfell as an example.
#redteam
blog.balliskit.com/when-osascri...
In our new blog post, @antoineds.bsky.social describes how EDRs leverage MacOS Network Extension to detect C2s and how to bypass this kind of detection using Mythic Apfell as an example.
#redteam
blog.balliskit.com/when-osascri...
When Osascript Goes Undetected: A Look at EDR Network Blind Spots
Discover how JXA subprocesses and custom network extensions can silently bypass macOS EDRs by evading audit and PID-based detection.
blog.balliskit.com
April 15, 2025 at 3:55 PM
Bypassing EDRs on MacOS can be a challenge.
In our new blog post, @antoineds.bsky.social describes how EDRs leverage MacOS Network Extension to detect C2s and how to bypass this kind of detection using Mythic Apfell as an example.
#redteam
blog.balliskit.com/when-osascri...
In our new blog post, @antoineds.bsky.social describes how EDRs leverage MacOS Network Extension to detect C2s and how to bypass this kind of detection using Mythic Apfell as an example.
#redteam
blog.balliskit.com/when-osascri...
For us, EDR bypass is not just a buzzword.
MacroPack, ShellcodePack, and DarwinOps all come with bypass presets for major EDRs and Antivirus
Those presets are regularly updated and tested!
If you want to see a demo or an equivalent screenshot for the major EDRs contact us !
#redteam
MacroPack, ShellcodePack, and DarwinOps all come with bypass presets for major EDRs and Antivirus
Those presets are regularly updated and tested!
If you want to see a demo or an equivalent screenshot for the major EDRs contact us !
#redteam
April 3, 2025 at 3:47 PM
For us, EDR bypass is not just a buzzword.
MacroPack, ShellcodePack, and DarwinOps all come with bypass presets for major EDRs and Antivirus
Those presets are regularly updated and tested!
If you want to see a demo or an equivalent screenshot for the major EDRs contact us !
#redteam
MacroPack, ShellcodePack, and DarwinOps all come with bypass presets for major EDRs and Antivirus
Those presets are regularly updated and tested!
If you want to see a demo or an equivalent screenshot for the major EDRs contact us !
#redteam
Balliskit Evasion Tip 🤖
To help with static analysis detection by EDR,
ShellcodePack implements a method to load a shellcode from a separate file or from an URL
This tutorial explains how to use that option!
#redteam
blog.balliskit.com/loading-a-sh...
To help with static analysis detection by EDR,
ShellcodePack implements a method to load a shellcode from a separate file or from an URL
This tutorial explains how to use that option!
#redteam
blog.balliskit.com/loading-a-sh...
Loading a shellcode from a file/URL with ShellcodePack
Shellcode in EXE files can sometimes be detected during static analysis, requiring various kinds of obfuscation to bypass EDRs.
This…
blog.balliskit.com
March 20, 2025 at 5:18 PM
Balliskit Evasion Tip 🤖
To help with static analysis detection by EDR,
ShellcodePack implements a method to load a shellcode from a separate file or from an URL
This tutorial explains how to use that option!
#redteam
blog.balliskit.com/loading-a-sh...
To help with static analysis detection by EDR,
ShellcodePack implements a method to load a shellcode from a separate file or from an URL
This tutorial explains how to use that option!
#redteam
blog.balliskit.com/loading-a-sh...
Redteaming on MacOS is hard... But BallisKit can help you!
You can use DarwinOps to weaponize a Mythic C2 implant for MacOS and bypass EDRs!
Checkout this blog Post by @antoinedss
#redteam
blog.balliskit.com/setup-and-we...
You can use DarwinOps to weaponize a Mythic C2 implant for MacOS and bypass EDRs!
Checkout this blog Post by @antoinedss
#redteam
blog.balliskit.com/setup-and-we...
Setup and weaponize Mythic C2 using DarwinOps to target MacOS
We’ll look at how to set up Mythic C2 and its Apfell implant on MacOS. We will weaponize that implant to bypass EDRs using BallisKit…
blog.balliskit.com
March 6, 2025 at 5:05 PM
Redteaming on MacOS is hard... But BallisKit can help you!
You can use DarwinOps to weaponize a Mythic C2 implant for MacOS and bypass EDRs!
Checkout this blog Post by @antoinedss
#redteam
blog.balliskit.com/setup-and-we...
You can use DarwinOps to weaponize a Mythic C2 implant for MacOS and bypass EDRs!
Checkout this blog Post by @antoinedss
#redteam
blog.balliskit.com/setup-and-we...
Obfuscate SharpHound? It's now possible with MacroPack. An version of MacroPack Pro was just released to improve our DotNET obfuscator!
We now support packages build with tools like Costura!
We tested we could obfuscate SharpHound, KrbRelay, and Mythic Apollo agent
We now support packages build with tools like Costura!
We tested we could obfuscate SharpHound, KrbRelay, and Mythic Apollo agent
March 3, 2025 at 4:54 PM
Obfuscate SharpHound? It's now possible with MacroPack. An version of MacroPack Pro was just released to improve our DotNET obfuscator!
We now support packages build with tools like Costura!
We tested we could obfuscate SharpHound, KrbRelay, and Mythic Apollo agent
We now support packages build with tools like Costura!
We tested we could obfuscate SharpHound, KrbRelay, and Mythic Apollo agent
Reposted by BallisKit
You need to run Rubeus, Seatbelt, or other .NET tool on an EDR protected machine?
Well with the new version, MacroPack Pro is now also a powerful assembly obfuscation/weaponization tool ! 😎
We wrote a tutorial about that here:
blog.balliskit.com/obfuscation-...
Well with the new version, MacroPack Pro is now also a powerful assembly obfuscation/weaponization tool ! 😎
We wrote a tutorial about that here:
blog.balliskit.com/obfuscation-...
Obfuscation and weaponization of .NET assemblies using MacroPack
For a couple of years now, .NET have been the go to language for a lot of famous offensive security tools like Rubeus, SeatBelt…
blog.balliskit.com
February 17, 2025 at 4:32 PM
You need to run Rubeus, Seatbelt, or other .NET tool on an EDR protected machine?
Well with the new version, MacroPack Pro is now also a powerful assembly obfuscation/weaponization tool ! 😎
We wrote a tutorial about that here:
blog.balliskit.com/obfuscation-...
Well with the new version, MacroPack Pro is now also a powerful assembly obfuscation/weaponization tool ! 😎
We wrote a tutorial about that here:
blog.balliskit.com/obfuscation-...
We updated our "DLL Hijacking with ShellcodePack" tutorial following the release of version 2.7.2 😎
blog.balliskit.com/dll-hijackin...
blog.balliskit.com/dll-hijackin...
DLL Hijacking using ShellcodePack
Here is a little tutorial to perform some DLL Hijacking with BallisKit ShellcodePack (version 2.7.2 and above).
blog.balliskit.com
February 13, 2025 at 5:34 PM
We updated our "DLL Hijacking with ShellcodePack" tutorial following the release of version 2.7.2 😎
blog.balliskit.com/dll-hijackin...
blog.balliskit.com/dll-hijackin...
Did you know ShellcodePack can be used to pack and weaponize third party exe, dll, .NET in addition to raw shellcodes?
Example with Mimikatz!
#redteam
Example with Mimikatz!
#redteam
February 7, 2025 at 5:11 PM
Did you know ShellcodePack can be used to pack and weaponize third party exe, dll, .NET in addition to raw shellcodes?
Example with Mimikatz!
#redteam
Example with Mimikatz!
#redteam
Reposted by BallisKit
The video for my Advance Initial Access talk at Offensive X last year is available!
#redteam
Watch the talk here:
youtu.be/bA2p27gQK4M?...
#redteam
Watch the talk here:
youtu.be/bA2p27gQK4M?...
OFFENSIVEX Hacking Conference 2024 - Emeric Nasi
YouTube video by Offensive X
youtu.be
January 23, 2025 at 4:15 PM
The video for my Advance Initial Access talk at Offensive X last year is available!
#redteam
Watch the talk here:
youtu.be/bA2p27gQK4M?...
#redteam
Watch the talk here:
youtu.be/bA2p27gQK4M?...