email info@BC-Security.org

Top Categories

Spotlight

todayOctober 10, 2024

Offensive Security Tools Cx01N

Not Your Grandfather’s Empire

Not Your Grandfather’s Empire I’ve wanted to put this blog together since returning home from DEFCON. Anytime we ran into someone who recognized our swag, they mentioned how much they loved Empire back in the day and didn’t realize it was being actively maintained. This made me reflect on all [...]


Community Contributors Program

Offensive Security Tools Cx01N todayAugust 31, 2021 476 1

Background
share close

Now that Defcon and Blackhat are checked off for the year, we can get back to real work the fun stuff.

Are you an infosec developer, blogger, Blue Teamer, or general misfit and want to contribute to the Empire? Well, here’s your chance! We are opening the doors a bit to try out a pilot program for the infosec community. The Community Contributors Program offers red and blue teamers, pentesters, and offsec developers access to our private Empire development repository. This repo contains builds that are works in progress, as well as some of our more ambitious ideas that we are playing around with.

As you can imagine, we do not want the general audience to see our experimental builds. Quite often, they are broken and go through massive amounts of updates before the GA release. Sometimes, they are scrapped altogether, and we don’t want to semi-release a feature to just pull it away for more development.

Benefits

So what do you get? Eternal fame and glory for the Empire.

But really, you will be receiving early access to all of the Empire development. This typically runs about 30-60 days ahead of the public releases. For example, Empire 4.0 was available for nearly 6 months on our Sponsors repo before being released to the public. We were able to setup a beta release through Kali’s experimental repo. However, we found there was time that we could have benefited from people testing and developing, which spawned this idea of a vetted community of developers and contributors.

You get swag! Who doesn’t like stickers, shirts, and whatever random things that we might send out to you?

Exclusive Discord roles and access. If you hang out with us on Discord, you will notice that our channel has grown considerably over the last year with a wide range of people. But do you feel like being a regular Human isn’t good enough? Everyone who participates in the Community Contributors Program will receive a special role for their support and access to a private chat room. This chat will be an opportunity for like-minded individuals to collaborate in a vetted space. For Blue Teamers, it will give you access to developers where you can vet detection methods, ask for data or get a head start on new tactics before they are published.

And finally, we will be selecting individuals to receive vouchers for OSCP and Advanced Threat Emulation: Red Teams.

The Road Map

Let’s start with what we have planned for the future releases and give you an idea of how Community Contributors might fit in. Empire 4.0 brought some major changes, but we weren’t able to fit in all the cool features in the first go.

Hooks and Filters

In 4.1, Vinnybod will be introducing Hooks and Filters. This allows plugin developers to write code that gets triggered by events happening on the server. These events can range from a new agent check-in to a tasking result coming back. Now you will be able to develop tools that take the output from one module and pipe it into another—creating a logical workflow inside of Empire for navigating how data is driven. These will also provide some great opportunities for Blue Teamers to provide some input on data they would like to see better collected so that results can be better communicated at the end of an engagement.

API v2

API v2 is a completely new REST API. The current API was piecemealed together as new functionality was needed and lacked a consistent methodology. This led us to make the decision to design a completely new API that is intuitive to use, with always up-to-date documentation and consistency.

Plugins

Probably the least known and most beneficial feature in Empire, Plugins. Cx01N is a huge fan of Plugins and finds that they can be used to generate a wide range of tools that build on Empire’s abilities. For example, he was bored over the summer and decided that he didn’t want to rely on Metasploit for initial access. He built Eternal Blue and SMBGhost plugins to exploit vulnerable boxes from the server and launch an Empire agent.

However, there are some limitations to Plugins at the moment. They can be difficult to build since they are built around their own class and have to call functions from inside Empire directly. This can be problematic because you need to know the code structure to build a Plugin. And if anything changes, then the entire plugin library may need to be updated. So here comes the plugin interface. This gives a consistent point for plugins to attach to the server. So, if something changes on the server, this will not affect how the plugin interacts with Empire.

How Do I Sign Up?!?

The Community Contributors Program requires that we vet each person who wants access, so you will need to provide some info to our team. You can send us a link to your GitHub, Twitter, Blog, Linkedin, 1st-grade parent/teacher conference, or whatever you think would justify that you are an active contributor to the infosec community. But don’t worry, this is not a one-time thing, and you may get picked at a later time.

You can send us your info a few different ways.

FAQ

I want to add a module to Empire. Do I need access to the development repository?

No. Smaller pull requests such as adding modules can be submitted via the public Empire repository to the dev branch. Alternatively, depending on the complexity of the module, it may be beneficial to develop it as a plugin that allows you to maintain control over the pace of updates for it while making it available for everyone to use.

How is this different from the Sponsor Program?

There are a few major differences between the Sponsor Program and the Community Contributors Program. The first is that the Contributor program is only accessible to vetted individuals, while the Sponsor Program is available to anyone that would like to maintain their anonymity. This gives you access to a private channel on our discord where you can freely ask questions to other vetted researchers. The Sponsor Program also gives access to extra plugins we have developed and a Sponsors build of Starkiller that contains extra features. It may make sense for an individual/company to be a part of the Sponsors program and the Contributor Program simultaneously.

Who should want to be in the Community Contributors Program?

Developers who want to contribute larger features to Empire. Developers who are building external applications using Empire’s code or API. Power users of Empire that want to test new functionality before it is production-ready. Bloggers and YouTubers that want to put out content to help learn Empire. Blue Teamers that want to help develop new detections or would like to help collaborate with us on features that we can add that may be useful to Blue Teams for engagement analysis. Really anyone that wants to use the access to give back to the community.

I am a Blue Teamer that wants to build detections. Will I be allowed to share these?

Yes! In fact, we encourage you to. One of our goals with this program is to build better collaboration between Offensive Researchers and Defenders.

Written by: Cx01N

Tagged as: .

Rate it

Previous post

todayJuly 14, 2021

  • 7008
  • 6
close

Cyber Security Hubbl3

XLS Entanglement

VBA tradecraft is constantly evolving and this past winter, I came across some articles from Adepts of 0xCC. Specifically, their article Hacking in an Epistolary Way: Implementing Kerberoast in Pure ...