NOTE: Some of the topics in this article are probably going to be a bit contentious, but part of the hope in publishing this article is to drive some additional discussion within the offensive security community Ransomware has become one of the most prevalent threats that companies face today. It [...]
In cybersecurity, techniques evolve rapidly as defenders and attackers adapt to the ever-changing landscape. This article will explore an exemplary example of this evolution in transitioning from Domain Fronting to Platform as a Service (PaaS) Redirectors. The Rise and Fall of Domain Fronting Domain fronting was a popular method used ...
We recently rolled out Empire 5.2 to our public repo! This latest version brings a host of new features, enhancements, and bug fixes to further streamline your experience. Let’s dive into the release notes and explore the highlights of this update. New Features Plugin Tasks: Empire 5.2 introduced new plugin ...
Something that we have seen increasingly often on Twitter recently is people ostensibly posting about “Red Teams” and how if they did what APT X did, all their colleagues would be laughing at them. This is arguably a huge problem and we don’t mean the laughing. Not every organization is ...
Today we wanted to cover one of the lesser-known functions in Empire, the ReverseShell stager. The name may not be as intuitive, so standby for a future name change, but this stager creates a minimal payload using MSFvenom to stage an Empire agent. Why would you need this? Well, in ...
It has been another exciting week for the team. First we are just a week away for our inaugural course for Advanced Threat Emulation: Evasion. Second, we were able to put together a new build for Empire, bringing us one step closer to 5.0. If you were paying close attention, ...
It has been a while since we have been able to discuss the new features in Empire. We wanted to take some time to discuss some upgrades under the hood of Empire and a few quality-of-life features that we are sure everyone will enjoy. Customizable Bypasses While teaching, we saw ...
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2): IronPython and WebDAV. If you read our previous blog post about IronNetInjector, you will see that there are a number of things to consider when bringing your own interpreter. In ...
During a recent engagement, we were asked to employ Turla’s Tactics, Techniques, and Procedures (TTPs) using IronNetInjector. This is not a toolkit that we had a lot of experience with and upon doing some OSINT, it seemed to be pretty hard to come by. Specifically, no one seemed to be ...
Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features. This version has added some new capabilities to keep our threat emulation capabilities in line with current adversary TTPs. We have added a brand new IronPython stager, which can be compiled ...
