binary-offensive | Offensive IT Security

Red Macros Factory is an Initial Access Framework designed to help your Team speed up file weaponization and offer variety of techniques when one fails.

Battle-tested solution for Red Teams having little time for internal Research and Development or looking for alternative high-quality tooling to extend their arsenal.

With extensibility in mind, the Framework offers multiple tools letting your Team generate weaponized, obfuscated payloads - helping you securely breach!

Be advised! This leaflet is a bit outdated. New features are added faster than I can update this page.

Eager to learn more about the current list of capabilities? Request a demo today!

» 4 years in the makings, 1 year in commercial sale, 140.000+ lines of code
» Weaponize over 96+ file formats - each within seconds!
» Variety of techniques: 10+ Shellcode Loaders, 30+ script & Macro attacks, 18+ ready-made complex infection chains, 20+ LNK attacks, 8+ MSI attacks and more!
» Best part: Operators have full control of source code snippets (templates) used to build payloads! Framework allows customizing them and adding new ones!
» Eager to try out Multi-Language (C#, C++, soon even more!), malleable, evasive Shellcode Loader implementing variety of code injection techniques?
» HTML/SVG Smuggling gets your website blacklisted? RMF Smuggler produces heavily encrypted & obfuscated, anti-crawler ready smuggling payloads!
» Having in-house scripts or source codes you always wanted to obfucate? RMF Obfuscator heavily obfuscates 7+ languages! C++, C#, Powershell, Batch, VBA/VBS, JScript, HTML, ...
» Having lots of VBScript legacy tools and you wish to convert them to JScript some day cause Microsoft obsoletes VBS? I got you covered - RMF Converter translates VBA/VBS -> JScript

With Red Macros Factory you can generate 96+ obfuscated, fully weaponized vectors!
Shellcode Loaders:
» Built in various languages: C++, C#, ...
» Support variety of compilers: MinGW, MSVC, LLVM clang, MSbuild, csc, ...
» Variety of shellcode injection techniques: Threadless Injection, DirtyCLR & more...
» Multiple output formats supported: exe, dll, and a bunch more!
» Various shellcode retrieval strategies: hardcoded, file, URL, environment variables, ...
» Shellcode encryption & compression support out-of-the-box
» Several WinAPI resolvers to try out (Indirect Syscalls, Hashed Manual resolvers, etc.)
» Compile-Time & Runtime String Obfuscation
» A wide range of evasions, guardrails, time-delays to beat sandboxes and emulators!
Office documents (29+):
» Word: .doc, .docm, .dotm, .dot, .rtf, .mht
» Excel: .xls, .xlsm, .xltm, .xlt, .xlsb, .xla, .xlam
» PowerPoint: .pptm, .ppsm, .potm
» Access: .mdb, .accde
» Visio: .vdw, .vsd, .vsdm, .vss, .vssm, .vstm, .vst
» Project: .mpp, .mpt
» Publisher: .pub
» Outlook: .otm (used in Outlook persistence scenarios)
Scripts (11):
» .msc: Microsoft Management Console Snap-in
» .xsl: XML containing VBScript/JScript
» .wsc: COM Scriptlet containing VBScript/JScript
» .wsf: XML containing VBScript/JScript
» .vbs: VBscript
» .js: JScript / JXA
» .hta: HTML Application containing VBscript/JScript
» ... and more!
Containers (20+):
» .zip: can contain hidden files
» .7zip
» .rar
» .iso: can contain hidden files
» .cab
» .vhd
» .vhdx
» .pdf: files embedded into PDF
» .lnk: LNK with appended file/ZIP, uses Powershell to unpack itself
» ... and several more!
Other vectors (16):
» .application, .manifest: ClickOnce deployment files
» .bat, .cmd: Classic cmd.exe batch files
» .ps1: Powershell scripts
» .html, .svg: HTML Smuggling, SVG Smuggling
» .lnk: Windows shortcut
» .url: a shortcut that can launch direct victim onto URL in default browser or launch locally available file through file:///path/to/file.exe URI-handler
» .chm: can run system commands, useful in complex infection scenarios
» .msi: malicious MSI installer or backdoored MSI
» .mst: Installation transform file
» .msg: BadAppointment attack, implements malicious appointment to coerce NetNTLM authentication
» .diagcab: path-traversal enabled CAB file exploiting Dogwalk exploit, generated with exploiter.exe
» .inf: INF installation file invoking SCT, in an INF-SCT weaponization scenario
» ... and more!

» Sounds like an excellent fit for your Team's arsenal? Request a Demo today!

» Download product brochure

Anytime we start a new engagement, there's always a weaponization part involved. We dive deep into devising custom shellcode loaders, scripts, containers, HTML landing pages, malicious VBA macros, to then link them all up into a consecutive infection chain. Lots of manual steps involved and an equally wide margin for the operator's error. Every time new engagement begins, we're facing the same dilemma - which formats to choose this time. Decision entails your Team's time investment in researching what's currently trending and then developing in-house, trying, testing, gradually complicating payloads Team need to operate.

But Research and Development takes time, can fail if TTPs chosen turn out to be well covered by Anti-Virus and EDR agents Team will face.

Here comes an honest value for purchasing ready-made tooling offering multitude of file formats to choose from.

Red Macros Factory is a new player on the market, this means not many customers have squeezed it to its limits yet. Therefore its not as exposed to online virus scanners as the Competition.
RMF is a modular, flexible tooling offering your Team insight and control over code snippets and templates it uses. This means, your Team can modify what RMF produces, customize it - increasing success likelihood and minimizing resemblance to things other customers build!

RMF is not a blinking black box that you purchase once and just use. It can be, but it encourages customization, automation and first and foremost - it brings separate tools helping your Team improve their Arsenal! Not a single tool, 20+ of them!

» Capabilities overview
» Quality of Life Improvements
» Formats supported
» Batteries included
1. shellcoder.exe - Multi-Language Shellcode Loader builder - produces source code, obfuscates it, compiles. Quickly build flexible evasive shellcode loaders
2. generate.exe - Generates all sort of scripts, macros, Office documents. One stop shop for generating all the things
3. cli.exe - Official RMF Command Line interface with auto-completion, history & other features
4. msir.exe - Produces & backdoors .MSI, .MST, .WXS Microsoft installation files and .MSP patches
5. lnker.exe - Produces & backdoors .LNK, .URL shortcut files
6. clicker.exe - Weaponizes & backdoors ClickOnce deployments
7. signer.exe - Takes any supported file on input (over 40+ different files can be signed), generates (or uses existing) code signing certificates and produces output signed file
8. smuggler.exe - Takes file on input, produces output HTML smuggling landing page that will deliver that file
9. pager.exe - Helps generate malicious landing pages by either generating one from the scratch, cloning existing pages or obfuscating input HTMLs
10. obfuscator.exe - Takes script on input (js, vbs, vba, hta, msc, bat, ps1, ...) and produces its heavily obfuscated form on output
11. packager.exe - Takes file(s)/directory on input and produces (or backdoors existing) container file on output (iso, zip, ...)
12. converter.exe - Converts one script format to another, for instance VBA to HTA, VBS to WSC, JScript to MSC, etc
13. chmer.exe - Produces & backdoors .CHM payloads
14. exploiter.exe - Generates unusual initial access vectors, like MSC GUI, BadAppointment, DiagCab
15. embedder.exe - Inserts file or VBA macro or COM OLE object into Office document
16. injector.exe - Injects Remote Template URL, CustomUI, variables, CustomXMLParts, properties into existing Office document
17. tamperer.exe - Anonymizes, VBA Stomps, VBA Purges, encrypts input Office document in attempt to decrease detection rate
18. lolbaser.exe - Displays how to work with LOLBINs, tests them, analyses
19. macroless.exe - Produces & backdoors Office documents with macroless weaponization primitives
22. batcher.exe - Produces malicious obfuscated .BAT/.CMD payloads
24. And more
» 106,000+ lines of code: Python + VBA/VBS/JS + Powershell + C# + C++ + Batch + lots more...
» 4 years of active Research & Development

» Framework subscription is charged annually.
» Customers get access to RMF Support Discord channel.
» Binary-Offensive is a registered legal entity. VAT invoices are available.
» Only Initial Access Guild vetted individuals are eliglble for Personal Licenses. Companies are eligble for Team licenses.
» Personal License includes 1 entry to the RMF Support section on Discord
» Team License includes 5+ entries to the RMF Support section on Discord. This ensures all your Team members will have access to other vetted Operator discussions.
» Sharing Personal License by more than one person is a violation to these terms and will result in blocking your product use. Respect my work.
» I invest in special precautions ensuring legal and ethical use of this software. You either respect these terms or we should not collaborate.

Type Price
1 year Company/Team license (5 seats) Contact us

Type	Price
1 year Company/Team license (5 seats)	Contact us

Eager to see Framework in action?

binary-offensive.com

Red Macros Factory

With Red Macros Factory you can generate 96+ obfuscated, fully weaponized vectors!

» Sounds like an excellent fit for your Team's arsenal? Request a Demo today!

» Download product brochure

Initial Access Framework

Capabilities overview

Capabilities overview

Quality of Life Improvements

Need more convincing? Meet the tools included!

shellcoder.exe

generate.exe

cli.exe

msir.exe

lnker.exe

clicker.exe

signer.exe

smuggler.exe

obfuscator.exe

packager.exe

converter.exe

chmer.exe

exploiter.exe

embedder.exe

injector.exe

tamperer.exe

lolbaser.exe

macroless.exe

batcher.exe

Pricing

Eager to see Framework in action?

binary-offensive.com

Red Macros Factory

With Red Macros Factory you can generate 96+ obfuscated, fully weaponized vectors!

» Sounds like an excellent fit for your Team's arsenal? Request a Demo today!

» Download product brochure

Initial Access Framework

Capabilities overview

Capabilities overview

Quality of Life Improvements

Need more convincing? Meet the tools included!

shellcoder.exe

generate.exe

cli.exe

msir.exe

lnker.exe

clicker.exe

signer.exe

smuggler.exe

pager.exe

obfuscator.exe

packager.exe

converter.exe

chmer.exe

exploiter.exe

embedder.exe

injector.exe

tamperer.exe

lolbaser.exe

macroless.exe

batcher.exe

Pricing

Eager to see Framework in action?