Allpacka: Malware à la carte
An insight into automatable, offensive IT security
Context
As an employee at cirosec, I worked as a developer for malware and tooling for use in red teaming operations and developed the malware build system “Allpacka.” In this presentation at IT-Defense 2026 in Würzburg, Germany, I introduced the malware arsenal and the system itself.
The presentation was not recorded.
Abstract
The days when generic and publicly known malware simply led to success are long gone – at least for companies that protect themselves accordingly. Modern detection and response solutions make life difficult for attackers. As a result, attackers now regularly use custom tooling, their own mechanisms for covertly loading and packing malware, and various other tricks to circumvent these modern detection solutions. Simulating such motivated, advanced, and skilled attacker groups that attack companies via different vectors is often the subject of so-called red team assessments. As a professional red team, it is therefore our job not only to cover these techniques, but also to adapt malware to spontaneous situations in a time-efficient manner.
To address this, we at cirosec have developed our own solution that simplifies the daily work of our red team: our malware build system “Allpacka.” The idea: every single step, from compiling, obfuscating, and packing to platform-specific customization of the malware, is abstracted through combinable modules. By chaining these modules together, a so-called “recipe” is created, which is “cooked” by the “Allpacka Chef” and ultimately “served” as customized malware.
The primary goal of Allpacka was to achieve a high degree of automation. In addition, this approach enables all members of the red team to take advantage of our entire arsenal of malware components without having to be familiar with the internal workings of each component in detail. By encapsulating the components in Allpacka modules, each member can concentrate fully on their area of expertise and still benefit from the know-how of the others.
In this presentation, I will show how we designed and built Allpacka, how the system works under the hood and in action, and what we learned about modularity, security, and living standards in the process.