Reporting is, by nature, only the threat actors that have been caught. What about all the ones that didn’t get caught? There is no way to examine that and It comes down to the fact that we don’t know what they did and therein lies the problem for threat emulation.
We recently released Empire 5.8 and Starkiller 2.7. Sometimes, we forget to highlight the cool new features or changes as they release. So, in addition to covering the Empire 5.8 / Starkiller 2.7 changes, this will also recap some of the things from the recent releases you may have missed. ...
Forget about feeling overwhelmed with a mess of data. With tags in Starkiller, you have more control over keeping everything organized. You can assign tags to various objects – Listeners, Agents, Agent Tasks, Plugin Tasks, Downloads, and Credentials. This means you can categorize and organize your engagements in a way ...
Today we wanted to cover one of the lesser-known functions in Empire, the ReverseShell stager. The name may not be as intuitive, so standby for a future name change, but this stager creates a minimal payload using MSFvenom to stage an Empire agent. Why would you need this? Well, in ...
It has been another exciting week for the team. First we are just a week away for our inaugural course for Advanced Threat Emulation: Evasion. Second, we were able to put together a new build for Empire, bringing us one step closer to 5.0. If you were paying close attention, ...
It has been a while since we have been able to discuss the new features in Empire. We wanted to take some time to discuss some upgrades under the hood of Empire and a few quality-of-life features that we are sure everyone will enjoy. Customizable Bypasses While teaching, we saw ...
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2): IronPython and WebDAV. If you read our previous blog post about IronNetInjector, you will see that there are a number of things to consider when bringing your own interpreter. In ...
Empire 4.2 was just finalized over the weekend and we are excited to share some of the new features. This version has added some new capabilities to keep our threat emulation capabilities in line with current adversary TTPs. We have added a brand new IronPython stager, which can be compiled ...
In case you don’t check our commit history on our GitHub on a daily basis, Empire 4.1 and Starkiller 1.9 were released to Kali and Sponsors this week! This release has some much-needed quality of life updates that include new Starkiller interfaces, IronPython3 integration, and a new plugin ability, Hooks & Filters. Now before you read about all ...
Are you an infosec developer, blogger, Blue Teamer, or general misfit and want to contribute to the Empire? Well, here’s your chance! We are opening the doors a bit to try out a pilot program for the infosec community.
