Empire and PowerShell

Empire 4.0 is a post-exploitation framework that includes pure-PowerShell Windows agents, Python 3.x Linux/OS X agents, and C# agents. It is the merger of the earlier PowerShell Empire and Python EmPyre projects. Empire premiered at BSidesLV in 2015.

BC Security presented updates for further evading the Microsoft Antimalware Scan Interface (AMSI) at DEF CON 27. Empire was originally built by other developers, who stopped maintaining it in 2019 on the grounds that it had "served its purpose"; BC Security forked the project and has continued its development since.

I will demonstrate some situational-awareness techniques with Empire. Empire embeds the full functionality of PowerView for enumerating a domain and a workstation, as well as other tooling for lateral movement, privilege escalation, and persistence.

I will not demonstrate the setup, as there are already excellent tutorials and the project's own GitHub repository for that. In short, Empire needs a listener, a stager, and an agent: the stager runs on the target and the resulting agent calls back to the C2 through the listener.

With an agent checked in, enumeration of the host and the domain can begin.

Host recon is a good starting point for enumeration.

Seatbelt is integrated into Empire as a PowerShell module; a few settings are needed before it runs, namely the check group (for example all, user, or system) or the individual command to execute.

Domain User Enumeration

Privilege Escalation Enumeration
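The three enumeration steps above (host recon, domain user enumeration, privilege escalation enumeration) are normally driven from the Empire client, one module at a time. To make it clear what those modules actually collect on the target, here is an added example that is not part of the original page and not Empire's, PowerView's, PowerUp's or Seatbelt's own code: a standalone PowerShell script that reproduces each step in miniature. The function names are mine. It assumes a PowerShell 5.1 session on a Windows host; the domain query uses the same ADSI DirectorySearcher mechanism PowerView relies on and is skipped when the host is not domain-joined, and the privilege escalation check mirrors the unquoted-service-path logic of PowerUp's Get-UnquotedService, including a live test of whether the current user can drop a binary at a hijack point.

```powershell
# Added example (not Empire's own code): host recon, domain user enumeration and
# an unquoted-service-path privesc check, written as plain PowerShell so the
# reader can see what the Empire modules gather. Assumes PowerShell 5.1 on Windows.

function Get-HostRecon {
    # Host recon: the first things a winenum / Seatbelt-style module reports
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $sbl = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Hostname           = $env:COMPUTERNAME
        Domain             = $cs.Domain
        DomainJoined       = $cs.PartOfDomain
        OS                 = "$($os.Caption) $($os.Version)"
        User               = $identity.Name
        IsLocalAdmin       = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        PSVersion          = $PSVersionTable.PSVersion.ToString()
        # Matters for a PowerShell agent: script block logging makes the payload visible to defenders
        ScriptBlockLogging = ($sbl.EnableScriptBlockLogging -eq 1)
    }
}

function Get-Prop($Result, $Name) {
    # LDAP attributes may be absent; return $null instead of throwing
    if ($Result.Properties[$Name].Count -gt 0) { $Result.Properties[$Name][0] }
}

function Get-DomainUserLite {
    param([string]$Filter = '(&(objectCategory=person)(objectClass=user))', [int]$Limit = 50)
    # Domain user enumeration the PowerView way: raw LDAP via ADSI, no RSAT required
    if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
        Write-Warning 'Host is not domain-joined; skipping domain enumeration'
        return
    }
    try {
        $base = "LDAP://$(([ADSI]'LDAP://RootDSE').defaultNamingContext)"
    } catch {
        Write-Warning "Could not bind to a domain controller: $_"
        return
    }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$base, $Filter)
    $searcher.PageSize = 200
    'samaccountname','useraccountcontrol','admincount','serviceprincipalname' |
        ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }
    $searcher.FindAll() | Select-Object -First $Limit | ForEach-Object {
        $uac = [int](Get-Prop $_ 'useraccountcontrol')
        [pscustomobject]@{
            SamAccountName  = Get-Prop $_ 'samaccountname'
            Disabled        = [bool]($uac -band 0x2)
            PwdNeverExpires = [bool]($uac -band 0x10000)
            NoPreauth       = [bool]($uac -band 0x400000)     # AS-REP roastable
            AdminCount      = Get-Prop $_ 'admincount'        # 1 = is/was in a protected group
            HasSPN          = ($_.Properties['serviceprincipalname'].Count -gt 0)  # Kerberoast candidate
        }
    }
}

function Test-Writable($Dir) {
    # Try to create and delete a random file; a cheaper and more honest test than parsing ACLs
    try {
        $f = Join-Path $Dir ([IO.Path]::GetRandomFileName())
        [IO.File]::Create($f).Dispose(); Remove-Item $f -Force; $true
    } catch { $false }
}

function Get-UnquotedServicePathLite {
    # Privesc enumeration: services whose binary path is unquoted and contains a space.
    # Windows\ paths are excluded here as a noise filter (my choice, not a PowerUp rule).
    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $_.PathName -and $_.PathName -notmatch '^"' -and $_.PathName -notmatch '^[A-Za-z]:\\Windows\\'
    } | ForEach-Object {
        $exe = ($_.PathName -split '\.exe', 2)[0] + '.exe'    # drop trailing arguments
        if ($exe -notmatch ' ') { return }
        $tokens = $exe -split ' '
        # C:\Program Files\App\svc.exe is resolved as C:\Program.exe, then C:\Program Files\App\svc.exe;
        # each intermediate candidate whose directory we can write to is a hijack point
        $hijack = for ($i = 1; $i -lt $tokens.Count; $i++) {
            $candidate = ($tokens[0..($i - 1)] -join ' ') + '.exe'
            $dir = Split-Path -Path $candidate -Parent
            if ($dir -and (Test-Writable $dir)) { $candidate }
        }
        [pscustomobject]@{
            Service            = $_.Name
            RunsAs             = $_.StartName
            Path               = $_.PathName
            WritableHijackPath = ($hijack -join '; ')
        }
    }
}

Get-HostRecon | Format-List
Get-DomainUserLite | Format-Table -AutoSize
Get-UnquotedServicePathLite | Format-Table -AutoSize
```

Running this from an unprivileged shell is the point: the domain query needs only a domain account, and the unquoted-path check reports a finding only when the current user can actually plant a binary where the service will pick it up, which is the condition that turns an enumeration result into a privilege escalation path.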

Empire ships a plethora of further modules beyond these, around 399 at the time of writing.
