Not Your Grandfather’s Empire I’ve wanted to put this blog together since returning home from DEFCON. Anytime we ran into someone who recognized our swag, they mentioned how much they loved Empire back in the day and didn’t realize it was being actively maintained. This made me reflect on all [...]
Not Your Grandfather’s Empire I’ve wanted to put this blog together since returning home from DEFCON. Anytime we ran into someone who recognized our swag, they mentioned how much they loved Empire back in the day and didn’t realize it was being actively maintained. This made me reflect on all ...
In cybersecurity, techniques evolve rapidly as defenders and attackers adapt to the ever-changing landscape. This article will explore an exemplary example of this evolution in transitioning from Domain Fronting to Platform as a Service (PaaS) Redirectors. The Rise and Fall of Domain Fronting Domain fronting was a popular method used ...
We recently rolled out Empire 5.2 to our public repo! This latest version brings a host of new features, enhancements, and bug fixes to further streamline your experience. Let’s dive into the release notes and explore the highlights of this update. New Features Plugin Tasks: Empire 5.2 introduced new plugin ...
Something that we have seen increasingly often on Twitter recently is people ostensibly posting about “Red Teams” and how if they did what APT X did, all their colleagues would be laughing at them. This is arguably a huge problem and we don’t mean the laughing. Not every organization is ...
Today we wanted to cover one of the lesser-known functions in Empire, the ReverseShell stager. The name may not be as intuitive, so standby for a future name change, but this stager creates a minimal payload using MSFvenom to stage an Empire agent. Why would you need this? Well, in ...
It has been another exciting week for the team. First we are just a week away for our inaugural course for Advanced Threat Emulation: Evasion. Second, we were able to put together a new build for Empire, bringing us one step closer to 5.0. If you were paying close attention, ...
It has been a while since we have been able to discuss the new features in Empire. We wanted to take some time to discuss some upgrades under the hood of Empire and a few quality-of-life features that we are sure everyone will enjoy. Customizable Bypasses While teaching, we saw ...
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2): IronPython and WebDAV. If you read our previous blog post about IronNetInjector, you will see that there are a number of things to consider when bringing your own interpreter. In ...
During a recent engagement, we were asked to employ Turla’s Tactics, Techniques, and Procedures (TTPs) using IronNetInjector. This is not a toolkit that we had a lot of experience with and upon doing some OSINT, it seemed to be pretty hard to come by. Specifically, no one seemed to be ...
