Not Your Grandfather’s Empire I’ve wanted to put this blog together since returning home from DEFCON. Anytime we ran into someone who recognized our swag, they mentioned how much they loved Empire back in the day and didn’t realize it was being actively maintained. This made me reflect on all [...]
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2): IronPython and WebDAV. If you read our previous blog post about IronNetInjector, you will see that there are a number of things to consider when bringing your own interpreter. In ...
During a recent engagement, we were asked to employ Turla’s Tactics, Techniques, and Procedures (TTPs) using IronNetInjector. This is not a toolkit that we had a lot of experience with and upon doing some OSINT, it seemed to be pretty hard to come by. Specifically, no one seemed to be ...
Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features. This version has added some new capabilities to keep our threat emulation capabilities in line with current adversary TTPs. We have added a brand new IronPython stager, which can be compiled ...
It’s that time of year again! This means it’s the season for Halloween, Oktoberfest, and HACKTOBERFEST! So what is Hacktoberfest? Hacktoberfest is a yearly event that encourages participation in the open-source community. The best part is if you participate by contributing to open source projects, you receive a limited edition ...
VBA tradecraft is constantly evolving and this past winter, I came across some articles from Adepts of 0xCC. Specifically, their article Hacking in an Epistolary Way: Implementing Kerberoast in Pure VBA caught my attention and I wanted to try and see if it would be possible to create a pure ...
The release of Empire 4.0 is just around the corner and we wanted to take some time to walkthrough some of its new features. So what is Empire 4.0? It is a refactor of the internal structure of Empire, the addition of C# capabilities, and a revamped user interface. This ...
Beginning January, we will be granting Kali users and Sponsors 30-day exclusive early access to Empire and Starkiller before the code gets publicly released to our repositories, you can check out more in their blog post.
Its been about 2-weeks since we released Empire 3.4, and hopefully, everyone has had a chance to check out all the new features. Our team has put quite a few hours into development and we wanted to give an overview so everyone can leverage Empire’s full capabilities.
Empire 3.4.0 is our next major release and is packed with one of the most advanced features to-date, Malleable C2. The Malleable C2 Listener gives control to operators to customize their beacons to match specific threats. It does this through profiles, which are simple scripts that instruct the listener how ...
