Empire 1.4

It’s been another two months since the last major Empire point release, and development has continued to move along steadily. Empire has a TON of new modules from 10 different authors and a smattering of additional bug fixes/feature adds. We want to give a big thanks and shout out to all the contributors who are helping to expand Empire with new capabilities!

New Modules

Other Updates

  • Autoruns! Empire now has the ability to specify a module to automatically run whenever a new agent checks in. In a module menu, set your desired options, then set Agent autorun and execute, and the specified module/options will run as the first tasking for new agents. To clear an autorun module, from the (Empire: agents) > menu just type clear autorun.
  • The persistence/debugger/* modules were rolled into a single module at persistence/misc/debugger. The TargetBinary option allows you to set which accessibility binary you’d like to abuse.
  • Running ./empire --debug now writes out the last PowerShell logic tasked to an agent to ./LastTask.ps1. This can be quite useful for debugging and building modules.
  • All PowerUp modules are now dynamically built from a single source file, similar to the PowerView update in 1.3.
  • The ./setup/install.sh logic was updated by @MikeDawg to support additional platforms.
  • ./setup/setup_database.py was updated by @mubix to allow for randomization of the staging password.
  • Numerous bug fixes (as usual :)
  • We’ve also reinstated our dev branch. New pull requests should be submitted to dev, which we will merge to master after vetting. There are now also a few notes in README.md under ‘Contribution Rules’ for those who want to contribute modules.

Wrapup

Thanks again to everyone who’s contributed to Empire in the short four and a half months since its release! The public participation has been humbling, and we’re happy to hear that Empire is being used successfully on engagements. Remember that there is now an Empire cheat sheet included in the set at https://github.com/harmj0y/cheatsheets/, and we’ll catch you in the new year!
