MacroPack

MacroPack is a tool used to automate obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments.

About MacroPack

MacroPack is a tool used to automate obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments.
The goal of macro_pack is to simplify exploitation and antimalware bypass, and to automate the process from malicious macro and script generation to final document generation.
It also provides many features useful for red teaming or security research.
The community version is free and available on GitHub.

MacroPack Pro

The MacroPack Pro version is a weaponized version for professionals only. The pro mode includes features such as:

  • Advanced antimalware bypass
  • Multiple shellcode injection methods
  • Support of EXCEL 4.0 Macro (XLM)
  • Command line obfuscation (Dosfuscation)
  • ASR and AMSI bypass
  • Self unpacking VBA/VBS payloads
  • Trojan existing MS Office documents, Help files, and Visual Studio projects
  • Anti reverse engineering
  • Sandbox detection
  • Support of more formats such as Excel 4.0 SYLK and compiled help files
  • Run advanced VB payload from unusual formats
  • Weaponized templates and additional templates (e.g. EMPIRE, AUTOSHELLCODE)
  • Many more advanced features

For more information, read about MacroPack Pro on the BallisKit website.

Note that MP Pro is only available as a commercial offer for professionals. If you are in an offensive security audit team and would like more information on how to get the "pro" version, you can contact me at emeric.nasi[ at ]sevagas.com.

Latest articles

RedTeam With OneNote
Published on 9 August 2022
by Emeric Nasi

License : Copyright Emeric Nasi (@EmericNasi), Lance James, some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

1. Foreword

OneNote is one of the Office suite components which is often overlooked when RedTeaming. Though OneNote (...)

RedTeam With Publisher
Published on 28 April 2022
by Emeric Nasi

License : Copyright Emeric Nasi (@EmericNasi), some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

1. Foreword

Microsoft Publisher is another tool of the Office suite which is often ignored when RedTeaming.

However, it has been (...)

Launch shellcodes and bypass Antivirus using MacroPack Pro VBA payloads
Published on 21 January 2021
by Emeric Nasi

License : Copyright Emeric Nasi (@EmericNasi), some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

About

If you have ever been frustrated with manually writing Office/VBS payloads that end up being detected by antivirus, read this (...)

Advanced MacroPack payloads: XLM Injection
Published on 18 September 2020
by Emeric Nasi

License : Copyright Emeric Nasi (@EmericNasi), some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

1. About

While developing the MacroPack Community and Pro versions, I have been searching for nice existing or new ways to generate (...)

EXCEL 4.0 XLM macro in MacroPack Pro
Published on 18 September 2020
by Emeric Nasi

License : Copyright Emeric Nasi (@EmericNasi), some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

1. About

Excel 4.0 macros (also called XLM) have been commonly used by malicious operators in recent years; it has also been (...)