MacroPack v2.8.7 is out!
New GUI & updated EDR evasion! New features include Advanced LNK spoofing, expanded .NET obfuscation, and ML-evasion.
For authorized red-team use!
#RedTeam #offensivesecurity
14.10.2025 16:10 β π 3 π 2 π¬ 0 π 0
MacOS red-team made practical β Objective-C implant for DarwinOps!
Private Mythic C2 implant: lightweight (in-memory shellcode), post-exploitation, EDR & MDM evasion, integrates with DarwinOps + GateKeeper bypass.
Contact us for more details!
#RedTeam #macOS
02.10.2025 16:00 β π 1 π 2 π¬ 0 π 0
The next version of MacroPack is going to be huge! A new GUI, updated EDR bypass profiles, new evasion options, and many other things :)
#redteam
24.09.2025 15:52 β π 1 π 1 π¬ 0 π 0
macOS DYLIB Injection at Scale: Designing a Self-Sufficient Loader
Letβs explore Dylib injection and Dylib proxying on macOS (the equivalent of Windows DLL injection)
Binary injection vulnerabilities can be found in many MacOS apps. Those may be abused to bypass EDR, hide backdoor, access memory, or bypass TCC!
DarwinOps provides
- An advanced injection vulnerability scanner
- A redteam scenario to exploit them
#redteam
blog.balliskit.com/macos-dylib-...
17.09.2025 16:25 β π 3 π 2 π¬ 0 π 0
ShellcodePack 2.7.5 is now available!
It includes updated bypass profiles for major EDRs
We also improved:
- ML detection evasion
- ETW Patch
- CallStack Spoofing
ShellcodePack can be used to weaponize any raw shellcode or PE including DotNET, Go, and Rust :)
#redteam
08.09.2025 16:16 β π 3 π 1 π¬ 0 π 0
Initial Access on MacOS made easy !
DarwinOps now supports DMG phishing profiles!
Those are on shelf realistic templates with Gatekeeper bypass techniques :)
This version also introduce a binary injection vulnerability scanner for MacOS!
#redteam
14.08.2025 15:55 β π 2 π 1 π¬ 0 π 0
MacOS DMG phishing templates are coming in the next DarwinOps release!
Ready to use, configurable, and with new GateKeeper bypass strategies!
#redteam
01.08.2025 14:55 β π 2 π 1 π¬ 0 π 0
We are adding a binary injection vulnerability scanner to DarwinOps!
-> A DarwinOps JXA template
-> Scan for Injection vulnerabilities in binaries and Apps
Vulnerable binaries could be abused to bypass EDR, hide a backdoor, access memory, or bypass TCC!
#redteam
22.07.2025 15:24 β π 3 π 1 π¬ 0 π 0
Obfuscation and weaponization ofΒ .NET assemblies using MacroPack
For a couple of years now,Β .NET have been the go to language for a lot of famous offensive security tools like Rubeus, SeatBeltβ¦
Here is a reminder that a Powerful DotNET obfuscator is available in MacroPack. Assembly level obfuscation (or course). With the latest 2.7.5 it supports all your favorite #redteam DotNET tools!
And tested on major EDRs :)
blog.balliskit.com/obfuscation-...
25.06.2025 16:20 β π 2 π 1 π¬ 0 π 0
MacOS security is very different from Windows.
DarwinOps, our redteam tool targeting MacOS can help you tackle that issue!
@antoineds.bsky.social just posted on our blog to help you understand the basics of initial access on MacOS with DarwinOps
#redteam
23.06.2025 16:39 β π 2 π 1 π¬ 0 π 0
A new version of MacroPack Pro with improved DotNET obfuscator, new shellcode launcher, improved clickonce, and more will be released soon! Also, after Sliver, we a preparing tutorials with Mythic Apollo and Havoc π
#redteam
27.05.2025 15:08 β π 4 π 1 π¬ 0 π 0
YouTube video by Sevagas
Rubeus and Mythic Apollo DotNET Payload Obfuscation with MacroPack
Rubeus and Mythic Apollo DotNET Payload Obfuscation with MacroPack!
This video demonstrates the next MacroPack Pro features:
- DotNET obfuscation and evasion
- EDR Bypass ready to use profiles
- Compatibility with Mythic Apollo stager
#redteam
youtu.be/mzuT1MAQSXY
21.05.2025 15:52 β π 2 π 1 π¬ 0 π 0
macOS DYLIB Injection at Scale: Designing a Self-Sufficient Loader
Letβs explore Dylib injection and Dylib proxying on macOS (the equivalent of Windows DLL injection)
DLL injection and DLL proxying on macOS? Yes it is possible! Checkout this blog by @antoineds.bsky.social
about macOS automated DYLIB injection!
blog.balliskit.com/macos-dylib-...
#redteam
16.05.2025 12:45 β π 2 π 1 π¬ 0 π 0
When Osascript Goes Undetected: A Look at EDR Network Blind Spots
Discover how JXA subprocesses and custom network extensions can silently bypass macOS EDRs by evading audit and PID-based detection.
Bypassing EDRs on MacOS can be a challenge.
In our new blog post, @antoineds.bsky.social describes how EDRs leverage MacOS Network Extension to detect C2s and how to bypass this kind of detection using Mythic Apfell as an example.
#redteam
blog.balliskit.com/when-osascri...
15.04.2025 15:55 β π 3 π 1 π¬ 0 π 0
For us, EDR bypass is not just a buzzword.
MacroPack, ShellcodePack, and DarwinOps all come with bypass presets for major EDRs and Antivirus
Those presets are regularly updated and tested!
If you want to see a demo or an equivalent screenshot for the major EDRs contact us !
#redteam
03.04.2025 15:47 β π 3 π 2 π¬ 0 π 0
Loading a shellcode from a file/URL with ShellcodePack
Shellcode in EXE files can sometimes be detected during static analysis, requiring various kinds of obfuscation to bypass EDRs.
Thisβ¦
Balliskit Evasion Tip π€
To help with static analysis detection by EDR,
ShellcodePack implements a method to load a shellcode from a separate file or from an URL
This tutorial explains how to use that option!
#redteam
blog.balliskit.com/loading-a-sh...
20.03.2025 17:18 β π 3 π 2 π¬ 0 π 0
Setup and weaponize Mythic C2 using DarwinOps to target MacOS
Weβll look at how to set up Mythic C2 and its Apfell implant on MacOS. We will weaponize that implant to bypass EDRs using BallisKitβ¦
Redteaming on MacOS is hard... But BallisKit can help you!
You can use DarwinOps to weaponize a Mythic C2 implant for MacOS and bypass EDRs!
Checkout this blog Post by @antoinedss
#redteam
blog.balliskit.com/setup-and-we...
06.03.2025 17:05 β π 3 π 1 π¬ 0 π 0
Obfuscate SharpHound? It's now possible with MacroPack. An version of MacroPack Pro was just released to improve our DotNET obfuscator!
We now support packages build with tools like Costura!
We tested we could obfuscate SharpHound, KrbRelay, and Mythic Apollo agent
03.03.2025 16:54 β π 2 π 1 π¬ 0 π 0
Obfuscation and weaponization ofΒ .NET assemblies using MacroPack
For a couple of years now,Β .NET have been the go to language for a lot of famous offensive security tools like Rubeus, SeatBeltβ¦
You need to run Rubeus, Seatbelt, or other .NET tool on an EDR protected machine?
Well with the new version, MacroPack Pro is now also a powerful assembly obfuscation/weaponization tool ! π
We wrote a tutorial about that here:
blog.balliskit.com/obfuscation-...
17.02.2025 16:32 β π 3 π 2 π¬ 0 π 0
Did you know ShellcodePack can be used to pack and weaponize third party exe, dll, .NET in addition to raw shellcodes?
Example with Mimikatz!
#redteam
07.02.2025 17:11 β π 2 π 1 π¬ 0 π 0
YouTube video by Offensive X
OFFENSIVEX Hacking Conference 2024 - Emeric Nasi
The video for my Advance Initial Access talk at Offensive X last year is available!
#redteam
Watch the talk here:
youtu.be/bA2p27gQK4M?...
23.01.2025 16:15 β π 1 π 1 π¬ 1 π 0
Message for BallisKit customers!
We are looking for customers who are willing to endorse us on our website.
We often get asked about reference and it would be really helpful to show names. I know for some of you it's not possible but if you want to help please reach out it would really help us !
22.01.2025 14:13 β π 2 π 1 π¬ 0 π 0
Need initial access payloads for MacOS?
Need help to bypass EDR on MacOS?
Need undetected persistance on MacOS?
Say no more and contact us about DarwinOps
Our redteam ToolKit dedicated to MacOS!
#redteam
16.01.2025 16:58 β π 2 π 1 π¬ 0 π 0
YouTube video by Sevagas
Redteam: Bypass EDR and deploy Mythic implant on MacOS using DarwinOps
Many redteamers are used to Windows but have difficulties to address Mac OS. To help them, BallisKit released DarwinOps!
This video demo:
- Generation of malicious application
- Code obfuscation
- EDR Bypass ready to use profiles
- Compatibility with C2
#redteam
youtu.be/8B1UOLxuTgM
07.01.2025 16:05 β π 4 π 1 π¬ 0 π 0
The next MacroPack will include a DotNET weaponization scenario!
To obfuscate assemblies, and generate loaders in various languages.
Ex: Turn Rubeus into a VBS or BAT file and call it with arguments as if it was the original file!
Or just keep the EXE format if you prefer , but evade EDRs!
30.12.2024 16:04 β π 1 π 1 π¬ 0 π 0
