Month: August 2015

It’s been almost two weeks since since the release of Empire 1.1, but it’s already time for version 1.2! Here are the recent modifications: Components of the agent.ps1’s core shell functionality were streamlined and ported to WMI equivalents. We wanted to avoid using native binaries as much as possible in the case of command line auditing, and took the chance to clean up a bit of the agent core. help agentcmds in an agent menu will show the “opsec-safe” aliases we have implemented, and shell <CMD> will manually execute commands using normal execution. Minor UI/misc. tweaks- list [agents/listeners] <modifier> should now be a universal option on all…

A few weeks ago, @sixdub and myself released a project called Empire at BSides Las Vegas (slides and video), and the response has been very positive. For those unfamiliar, Empire is a pure PowerShell post-exploitation agent that aims to solve the PowerShell “weaponization problem” and train blue teamers on how to respond to PowerShell based attacks. There’s an overview post here, the code is up on Github, and complete documentation is at www.PowerShellEmpire.com. With the surge in interest, and @enigma0x3 joining the project, we’ve implemented several changes in the past two weeks since Empire’s release. We wanted to give a quick rundown on…