Empire and PowerShell

Empire 4,0 is a post-exploitation framework that includes pure-PowerShell Windows agents, Python 3. x Linux/OS X agents, and C# agents. It is the merger of the previous PowerShell Empire and Python Empyre projects. Empire premiered at the BSidesLV in 2015.

BC Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) at DEFCON 27. Empire was originally built by other developers but since it was no longer active as "It has served its purpose" it was no longer maintained and BCSecurity forked the project and continued its development.

I will demonstrate some situational techniques with Empire, Empire has the full functionality of PowerView to enumerate a domain and workstation as also other tools for lateral, privesc, and persistence techniques.

I will not demonstrate set up as there are already, awesome tutorials and the own GitHub repository for these but Empire will essentially need a listener, a stager, and the agent once called back to the C2.

The agent will start enumerating the host and domain

Host Recon is a good start with enumeration

Seatbelt PowerShell integrated with Empire a few settings are needed to get started with the proper group or individual command

Domain User Enumeration

Privilege Escalation Enumeration

And a plethora more modules that empire can execute around 399 of the time of writing.

PreviousCovenant and C#NextCredential Dumping

Last updated 2 years ago