Month: October 2015

Empire 1.3

It’s been about two months since the release of Empire 1.2. We took a quick breather after coming down from our sprint to BSidesLV and the two follow-up releases. Part of this lull was to work on a massive rewrite of PowerView 2.0 which I spoke about a few weeks ago. Much of this Empire 1.3 release is centered around updating the framework’s PowerView modules with this new code, and coming up with a process to streamline integration between the two projects. Previously, the source for each PowerView-based module (like situational_awareness/network/userhunter, which utilized Invoke-UserHunter) was broken out into hand-stripped files in the module_source/situational_awareness/network…

GPP and PowerView

A few months ago, Skip Duckwall asked me if it was possible, through PowerView, to enumerate what organizational units a particular group policy Globally Unique Identifier (GUID) applied to. Say you have a GUID from a Group Policy Object (e.g. from the results of PowerSploit’s Get-GPPPassword). Knowing exactly what OUs (and then what machines) this policy applies to can really help speed up lateral spread! This is something I wished I had thought of, and I quickly integrated the functionality into PowerView. This post covers a quick demonstration of this new approach using PowerView’s recent 2.0 rewrite. When you run Get-GPPPassword, you’ll get output like this (screenshot…

PowerView 2.0

PowerView is a tool that I’ve spoken frequently about on this blog. It debuted as part of the Veil-Framework in March of 2014, and has gone through a huge number of changes over the last year and a half. It is now a part of the PowerTools repository under the PowerShellEmpire GitHub account, and may be integrated soon into the central PowerSploit repository. Today marks probably the biggest change to PowerView and how people use it since its inception. PowerView v2.0 is a major refactor that eliminates some code components, renames others, absorbs some functions into existing ones, and adds a chunk of new functionality. As…