Empire

Empire Fails

Everyone makes mistakes, and we’re certainly no exception. Empire has suffered from a few security issues since its original release at BSides LV in 2015, and for a while, I’ve wanted to give some technical details on the specific mistakes we’ve made along the way for the sake of transparency. Thanks to a recent second disclosure …

Empire Fails Read More »

The Empire Strikes Back

We recently made some of the biggest changes to Empire since its release at BSidesLV in 2015. This post will summarize many of the modifications for the Empire 2.0 beta release, but also check out @enigma0x3‘s and my “A Year in the Empire” presentation we gave at Derbycon 6 for more information (slides here). This …

The Empire Strikes Back Read More »

Empire’s RESTful API

This post is part of the ‘Empire Series’ with some background and an ongoing list of series posts [kept here]. [tl;dr] The Empire RESTful API is documented here on the Empire GitHub wiki. Last week, Empire’s 1.5 release included a RESTful API implementation which I hinted about previously. This effort was inspired by a conversation with @antisnatchor from the …

Empire’s RESTful API Read More »

Empire 1.5

Three months have elapsed since the Empire 1.4 release, and we have some awesome new features for our next release! The notes for Empire 1.5 are below, but a quick warning- this release modifies part of the backend database schema, so do not apply this update if you have existing agents on your Empire server. You will need …

Empire 1.5 Read More »

Empire’s CLI

This post is part of the ‘Empire Series’ with some background and an ongoing list of series posts [kept here]. Recently, an Empire user requested that we build a ‘standalone payload generator’, similar to msfvenom’s functionality. The motivation is to provide a scriptable capability that makes integration with other tools relatively easy. This short post will cover …

Empire’s CLI Read More »

Nothing Lasts Forever: Persistence with Empire

This post is part of the ‘Empire Series’ with some background and an ongoing list of series posts [kept here]. Code execution is great and remote control is awesome, but if you don’t have a persistence strategy planned nothing can throw a wrench in your engagement like an unplanned reboot or user logout. This post covers 17 current Empire persistence …

Nothing Lasts Forever: Persistence with Empire Read More »

Expanding Your Empire

The “Empire Series”: 1/21/16 – Expanding Your Empire 1/28/16 – An Empire Case Study 2/4/16 – Nothing Lasts Forever: Persistence with Empire 2/11/16 – Empire & Tool Diversity: Integration is Key 2/25/16 – Empire’s CLI 3/15/16 – Phishing With Empire 3/31/16 – Empire 1.5 4/5/16 – Empire’s RESTful API [Note: This has been cross posted on …

Expanding Your Empire Read More »

Empire 1.4

It’s been another two months since the last major Empire point release, and development has continued to move along steadily. Empire has a TON of new modules from 10 different authors and a smattering of additional bug fixes/feature adds. We want to give a big thanks and shout out to all the contributors who are helping to …

Empire 1.4 Read More »

Empire 1.3

It’s been about two months since the release of Empire 1.2. We took a quick breather after coming down from our sprint to BSidesLV and the two follow-up releases. Part of this lull was to work on massive rewrite of PowerView 2.0 which I spoke about a few weeks ago. Much of this Empire 1.3 release …

Empire 1.3 Read More »

Empire 1.2

It’s been almost two weeks since since the release of Empire 1.1, but it’s already time for version 1.2! Here are the recent modifications: Components of the agent.ps1’s core shell functionality were streamlined and ported to WMI equivalents. We wanted to avoid using native binaries as much as possible in the case of command line auditing, and took …

Empire 1.2 Read More »