Empire / Starkiller – New Year 2024

Offensive Security Tools | Vincent Rose | January 3, 2024

Background

We recently released Empire 5.8 and Starkiller 2.7. Sometimes we forget to highlight the cool new features or changes as they release, so in addition to covering the Empire 5.8 / Starkiller 2.7 changes, this post will also recap some things from recent releases you may have missed. The full changelogs can be found here: Empire | Starkiller.

Tags – Empire 5.6 / Starkiller 2.5

This allows arbitrary tagging of different elements within Empire, allowing operators to keep their engagement organized. It also enables automation for plugins. There’s more detail on this in the tagging blog post.

Notifications – Starkiller 2.6

Previously, real-time alerts would pop up in the corner of Starkiller. While this might work for a small one-person engagement, it doesn't scale well when multiple operators are working and lots of events are firing. Now all events are collected under the notification bell and can be reviewed on the notifications page.

Subscribing to agent task results – Starkiller 2.6

The notifications change also lets all task results flow to the notifications page, and operators can subscribe to or unsubscribe from individual agents so they only see the results they care about.

Sponsor Dashboard – Starkiller 2.4

A much-requested feature. The Starkiller homepage in the sponsors' build is now a dashboard giving top-level data about agents, listeners, and credentials.

Starkiller Terminal – Starkiller 2.6

Sponsors have had a version of this feature for a while now, but we’ve made it better and rolled it out to the public version now as well. The terminal allows for executing shell commands, modules, and most things available from the “interact” menu on the Empire client—type `shell` to drop into an “interactive” mode.

ANSI Formatting – Starkiller 2.4

Some modules will output their data with ANSI coloring. Previously, Starkiller would display the ANSI codes as text. Now, the task outputs display ANSI coloring.

Advanced Filtering – Starkiller 2.5

The advanced filtering widget has been expanded to most list views.

IronPython SMB Agents/Listeners – Empire 5.5

We have noticed for a while that Empire has been missing an important peer-to-peer lateral-movement technique. Since we have been shifting many of our TTPs in Empire toward IronPython, we added an SMB agent and listener that allow multiple IronPython agents to communicate with one another over SMB, so a compromised host without direct egress can be reached through a peer that has it.

Python Obfuscation – Empire 5.5

The chances are that most Linux endpoints aren't running an EDR solution, but for the rarer cases where you do encounter one, Empire now includes Python obfuscation for agents and modules.

Exegol – Empire 5.8

Exegol is a community-driven hacking environment powered by Docker and Python. Empire has recently been added to its arsenal of tools!

General Install Maintenance – Empire 5.8

Empire 5.8 is very much a housekeeping update. Just take a look at the changelog: there are lots of dependency updates, a revamp of the install script, some changes to support Exegol, a change in supported Python versions (3.12 added; 3.8 and 3.9 dropped), Debian 12 support, and an ARM64 Docker image. It also adds new linting rules, refactors the listener code, and rewrites the Python agent code.

Overhaul of the IronPython and Python agent code – Empire 5.8

The Python agent code has been neglected for quite some time and had finally reached the point where it needed a complete overhaul. We broke the functionality out into separate Staging and MainAgent code, which gives the two a common structure and lets different communication profiles be dropped in easily.

Preview – Beta Empire Launcher

Given the amount of work it takes to maintain a multi-Linux-flavor install script, I've been looking at alternatives. We have Docker images, but the documentation on how to use them is spotty, and we still recommend the install script as the preferred method.

I don't know how this will pan out, but I'm working on what we're calling the "Empire Launcher," which lets someone run a single bash command that installs the Empire Launcher, a thin wrapper around docker-compose. From there, `empire up` will spin up an Empire instance and a MySQL database, `empire down` will stop it, and `empire destroy` will wipe it all. There are additional commands for dumping the database, tailing the logs, and using the client.

If this sounds interesting to you and you want to provide some early feedback, it is pushed to the dev branch of BC-SECURITY/Empire-Launcher. Feedback can be discussed in our Discord!
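To make the "thin wrapper around docker-compose" idea concrete, here is an added example of what such a launcher can look like. This is illustrative code written for this post, not the Empire Launcher's own code: the compose service names (`empire`, `mysql`), the compose file name, the database name, the `ps-empire client` entry point and the dump file naming are all assumptions.

```shell
#!/bin/sh
# Hypothetical "empire" launcher: a thin wrapper around docker compose.
# Added example, not the BC-SECURITY/Empire-Launcher code. The service
# names, compose file, database name and client entry point are assumed.

COMPOSE_FILE="${EMPIRE_COMPOSE_FILE:-docker-compose.yml}"
APP_SERVICE="empire"
DB_SERVICE="mysql"

# Map a launcher subcommand to the docker compose invocation it stands for.
# The command is returned as a string so it can be inspected (dry-run) or
# executed; unknown subcommands return non-zero.
launcher_cmd() {
  case "$1" in
    up)      echo "docker compose -f $COMPOSE_FILE up -d" ;;
    # down stops the containers but keeps the named volumes, so the MySQL
    # data (agents, credentials, task history) survives a restart.
    down)    echo "docker compose -f $COMPOSE_FILE down" ;;
    # -v also removes the volumes: this is what turns a stop into a wipe.
    destroy) echo "docker compose -f $COMPOSE_FILE down -v --remove-orphans" ;;
    logs)    echo "docker compose -f $COMPOSE_FILE logs -f $APP_SERVICE" ;;
    # -T disables TTY allocation so the dump can be redirected to a file.
    # The password is expanded inside the container, not on the host.
    dumpdb)  echo "docker compose -f $COMPOSE_FILE exec -T $DB_SERVICE sh -c 'mysqldump -uroot -p\"\$MYSQL_ROOT_PASSWORD\" empire'" ;;
    client)  echo "docker compose -f $COMPOSE_FILE exec $APP_SERVICE ./ps-empire client" ;;
    *)       return 1 ;;
  esac
}

# Resolve the subcommand and run it; dumpdb writes a timestamped .sql file.
launcher_main() {
  cmd=$(launcher_cmd "$1") || {
    echo "usage: empire {up|down|destroy|logs|dumpdb|client}" >&2
    return 2
  }
  if [ "$1" = "dumpdb" ]; then
    out="empire-$(date +%Y%m%d-%H%M%S).sql"
    eval "$cmd" > "$out" && echo "database dumped to $out"
  else
    eval "$cmd"
  fi
}

# Only dispatch when invoked with a subcommand, so the file is safe to source.
if [ "$#" -gt 0 ]; then
  launcher_main "$@"
fi
```

The operationally important distinction is between `down` and `destroy`: both stop the containers, but only `destroy` passes `-v`, which deletes the named volume holding the MySQL data. An operator who wants a clean slate between engagements wants `destroy`; one who only wants to stop the server overnight wants `down`, and should run `dumpdb` first if the data matters.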

Written by: Vincent Rose
