NOTE: Some of the topics in this article are probably going to be a bit contentious, but part of the hope in publishing this article is to drive some additional discussion within the offensive security community Ransomware has become one of the most prevalent threats that companies face today. It [...]
We recently rolled out Empire 5.2 to our public repo! This latest version brings a host of new features, enhancements, and bug fixes to further streamline your experience. Let’s dive into the release notes and explore the highlights of this update.
Plugin Tasks: Empire 5.2 introduced new plugin functionality by Vinnybod, which includes plugin tasks and task endpoints. The new tab lets you queue up tasks directly to a plugin and view their outputs from Starkiller.
Flask Server Double Header Issue: A duplicate Server Header issue caused by Flask has been fixed, resulting in the removal of an interesting indicator on the Empire server. Here is an example of the double header showing the that both the Python server and our default Microsoft IIS headers were showing up when viewing the network traffic. We will push out another blog to further dive into this soon.
Donut Update: The Donut module has been updated to v1.0.2.
Nim Version Lock: The Nim version has been locked in the install script, ensuring that the correct version is used and preventing any potential compatibility issues during installation.
Powerview Module Update: Dynamic detection on overhead functions that use Powerview has been fixed (again) and has been updated to use ZeroDayLab’s version.
Task and Tasking Terminology Update: To avoid confusion, tasks have been renamed to AgentTasks, and tasking has been renamed to task in most places. Note: hook names have not been changed.
Improved Install Path Handling: An issue related to the install path not being used correctly within the database has been fixed, so switching Empire instances (GitHub vs. Kali) should no longer throw an error.
OneDrive Listener Fixes: A few issues with the OneDrive listener that arose with Empire 5.0 have been fixed and full functionality has been restored to the listener.
Docker Fix for Starkiller: A fix for a Starkiller error in Docker has been implemented by 0x4xel, ensuring seamless compatibility between Starkiller and Docker.
Malleable C2 IronPython Agent Fix: The Malleable C2 module now correctly generates IronPython agents.
We encourage everyone to update to the latest version. The Empire team would like to thank all contributors for their hard work and dedication to making this release possible. Happy hacking!
The original goal of Empire 5.0 was to only introduce a better v2 REST API to deal with some shortcomings of the original API found while building Starkiller and the ...
