Reporting is, by nature, only the threat actors that have been caught. What about all the ones that didn’t get caught? There is no way to examine that and It comes down to the fact that we don’t know what they did and therein lies the problem for threat emulation.
One of the lesser-known features in Empire is the ability to use alternative Command and Control (C2) methods. Specifically, we can leverage the Dropbox API as a C2 channel, which can utilize existing architecture inside a network and obfuscate web traffic. If you are interested in checking other listener options, ...
The new Empire CLI is out and includes some big changes to the user experience. We rebuilt the CLI to interact with the Empire team server through the API. These changes may seem small, but it now allows multi-user access to the server through the CLI and gives users a ...
Its been about 2-weeks since we released Empire 3.4, and hopefully, everyone has had a chance to check out all the new features. Our team has put quite a few hours into development and we wanted to give an overview so everyone can leverage Empire’s full capabilities.
You may remember the good ole days where you can connect to pretty much any mail server (like Gmail) with telnet and spoof emails to your friends from whoever you want. Back then, I never realized that you could actually send attachments directly through the telnet connection. It’s not super ...
Last month we taught our DEF CON 27 workshop, Introduction to Sandbox Evasion and AMSI Bypasses, as a webinar. It went really well, but the primary focus of the course was on delivering a primary agent to the target and getting it to run. We discussed how to obfuscate payloads ...
As part of the Empire 3.1.3 update, we fixed the OneDrive listener and added documentation for easier configuration.
Starkiller represents a huge step forward for red teams trying to operate together on engagements.
There are a lot of significant changes to Empire, so we thought it would be a good idea to walk through them in a little more detail.
BC Security found that the August 12/13 definitions update for Windows does not flag Empire or identify Mimikatz.
