MacroPack is a tool used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments.
The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation.
It also provides a lot of helpful features useful for redteam or security research.
The community version is free and available on Github.
MacroPack Pro version is a weaponized version for professionals only. The pro mode includes features such as:
- Advance antimalware bypass
- Multiple Shellcode injection method
- Support of EXCEL 4.0 Macro (XLM)
- Command line obfuscation (Dosfuscation)
- ASR and AMSI bypass
- Self unpacking VBA/VBS payloads
- Trojan existing MS Office documents, Help files and Visual Studio projects.
- Anti reverse engineering
- Sandbox detection
- Support of more formats such as Excel 4.0 SYLK and compiled help files
- Run advanced VB payload from unusual formats
- Weaponized templates and additional templates (ex EMPIRE, AUTOSHELLCODE)
- Lot of more advanced stuff
For more information, read about MacroPack Pro on the BallisKit website.
Note that MP pro is only available as a commercial offer for professionals. If you are in an offensive security audit team and would like more information on how to get "pro" version you can contact me at emeric.nasi[ at ]sevagas.com.