Kali and BC Security Partnership

Cyber Security + Offensive Security Tools | Vincent Rose | January 19, 2021

Background

In November, Kali announced a new program for supporting tool developers, which kicked off with sponsoring Byt3Bl33d3r. We are excited to announce that we will be partnering with Kali in this endeavor, and we believe that Kali's program is a great thing for the longevity of open source projects and the infosec community. With these changes, beginning in January, we will be granting Kali users and Sponsors 30-day exclusive early access to Empire and Starkiller before the code gets publicly released to our repositories. You can read more in their blog post.

When we first started updating Empire, it was to explore the continued viability of an older framework. At the time, the original project was archived and our fork had initially been published to support Vinnybod, Cx01N, and Hubbl3’s DEFCON 27 workshop Introduction to Sandbox Evasion and AMSI Bypasses and Recon Village talk: Hack to Basics – Adapting Exploit Frameworks to Evade Microsoft ATP. The goal was to ensure that students had a working copy of Empire that highlighted how simple evasion updates allowed a well-known C2 framework to remain viable against some modern defenses.

In addition, Empire served as a platform for testing new ideas and concepts that were later adopted into the project: Multi-User Server, Malleable C2 Listener, Chat Server, etc. At some point along the way, our fork started to get some attention and Offensive Security reached out to us to see if we would be interested in updating it to Python 3 since Kali was moving away from Python 2.7. We’ve since finished that migration and continued to update Empire consistently with bug fixes and features, and it became the un(official) version of Empire.

After discussing some common preferences between users, we found that our team (and the community) was split between wanting to use Command Line Interfaces (CLIs) and Graphical User Interfaces (GUIs). After some arguing and finally agreeing that there is no right answer, Starkiller was born. Starkiller is our cross-platform GUI for Empire, which gives an option to those who prefer a GUI.

Starkiller’s multiple window feature

Sponsorware

While maintaining these codebases has been fun, it takes a considerable amount of free time and is mostly a labor of love by Cx01N, Hubbl3, and Vinnybod. So this brought us to an interesting crossroads: How do we prioritize tool development and balance it with red team assessments and training?

We entertained many options that would let us keep dedicating time to tool development, because we enjoy doing it and we want to maintain accessibility for the wider community. We finally landed on adopting Byt3Bl33d3r's sponsorware model. His framework is similar to what was outlined in Caleb Porzio's Introduction of Sponsorware article, which allows developers to receive compensation for their tools through sponsorship.

Comic graphic of modern digital infrastructure

Our initial rollout included sponsorship goals to work on features, since our team receives a couple of requests a week for custom tools and new features from hobbyists and large companies. As these goals were met, we would release these to the general public for everyone to enjoy. We granted sponsors access to some of the custom tools that we built for in-house use.

We currently give sponsors access to:

  • Sponsor version of Starkiller (includes Chatrooms, GUI File Browser, Pop-out Windows, etc.)
    • Pop-out windows were moved to the public repository after hitting our first goal of 5 sponsors.
  • Empire plugins (ATT&CK Emulation, Custom PDF Reports, etc.)

Sponsorship goal for chatrooms in Starkiller

Kali Partnership

This brings us to our newest endeavor with Offensive Security and Kali. They began offering sponsorship opportunities toward the end of 2020, and we were lucky enough to be a part of it. This partnership will give Kali users and Sponsors 30-day exclusive early access to Empire and Starkiller prior to any major release. After that, we will publish the release on our public repository for anyone to access.

Release Updates

One of the biggest changes for us will be a more consistent release schedule. For most users, this won't change much. What you will see now are fewer, more substantive releases. The flow for releasing features is quite a simple process:

Empire release process
Starkiller release process
Vinnybod develops the new release process

In reality, not much is changing for the end user. If you'd like to submit a pull request to Empire, you will still submit it to the dev branch on the public repository. If you just want to use Empire, you can pull the master branch (or a tagged release) from GitHub, or install and run it through Kali using:

sudo apt install powershell-empire
sudo powershell-empire

But what about bug fixes?

We will be pushing out bug fixes to the private and public repos as they come out. We want to provide a great user experience to all, and there will be NO delays to bug fix releases.

Future Plans

We have a lot of updates planned for Empire. Here are just a few that we have in the works:

  • A new Empire CLI is currently in Open Beta and will be packaged with Empire in our upcoming release.
  • We are in the process of rolling out the ability for users to use higher performance databases for team engagements.
  • A C# agent is in the works, which will bring new capabilities to Empire.
  • An interactive agent shell in Starkiller.

Updated module page in the New Empire CLI

TL;DR

Kali users and direct Sponsors will have 30 days of exclusive early access to the new Empire and Starkiller releases. After 30 days, we will push out the releases to the public repository. If you want to benefit from Kali's 30-day exclusivity, just install Empire on Kali using apt install powershell-empire and Starkiller using apt install starkiller.

Certain sponsor-only Starkiller features such as the file browser and chat widget will continue to be available only to sponsors until sponsorship goals are reached. When a goal is reached, the feature will be moved to Kali for 30 days and then released publicly.

Written by: Vincent Rose