Empire 3.7.2 releases: PowerShell & Python post-exploitation agent
Empire 3.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premiered at HackMiami 2016. BC-Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) and JA3/S signatures at DEF CON 27.
Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we’ve interacted with heavily here and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to properly cite existing or prior work, please let us know at Empire@BC-Security.org.
- Version 3.7.2 Master Release
  - Fixed Malleable C2 issue where netbios/netbiosu transformations used excessive resources (@Cx01N)
  - Fixed error when loading http_hop listener options (@Cx01N)
- Version 3.7.1 Master Release (Kali Build Only)
  - Added Kali message to main menu
- Version 3.7.0 Master Release
  - Revamped backend database from direct sqlite3 to SQLAlchemy (@Cx01N, @vinnybod)
  - Added new Empire CLI to packaging (@vinnybod)
  - Added malleable C2 profiles to empire directory: /data/profiles (@Cx01N)
  - Added --teamserver option to launcher (@Cx01N)
  - Added support for logging into Empire from multiple locations (@vinnybod)
  - Added Invoke-WireTap (@Cx01N)
  - Added Invoke-SauronEye (@Cx01N)
  - Added Invoke-SharpLoginPrompt (@Cx01N)
  - Fixed OneDrive Listener with new database (@Cx01N)
  - Removed need to run setup database script (@vinnybod)
  - Updated docker image to use the locked dependencies in pyproject.toml (@vinnybod)
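The 3.7.2 fix above concerns the Malleable C2 `netbios`/`netbiosu` transforms. For defenders, what matters is that these transforms leave a recognisable footprint in traffic. The following is an added example, not code from Empire or its authors: it assumes the encoding defined in the Malleable C2 profile language (the same as RFC 1001 first-level NetBIOS name encoding, where each byte becomes two letters, `a`..`p` for `netbios` and `A`..`P` for `netbiosu`), decodes such values, and scans constructed HTTP request lines for query parameters that look encoded this way. The sample requests and the `find_netbios_params` / `scan_requests` function names are constructed for this example.

```python
"""Decode and detect NetBIOS-style encoded values (Malleable C2 netbios/netbiosu).

Assumption (not from the page): each byte is split into two nibbles and each
nibble is emitted as one letter, 'a'..'p' for netbios and 'A'..'P' for netbiosu.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# A value must be at least 8 encoded bytes (16 letters) to be flagged; short
# natural words such as "feedback" use only a..p and would otherwise match.
NETBIOS_RE = re.compile(r"^(?:[a-p]{2}){8,}$")
NETBIOSU_RE = re.compile(r"^(?:[A-P]{2}){8,}$")


def netbios_encode(data: bytes, upper: bool = False) -> str:
    """Encode bytes as NetBIOS-style letters (two letters per byte)."""
    base = ord("A") if upper else ord("a")
    return "".join(chr(base + (b >> 4)) + chr(base + (b & 0x0F)) for b in data)


def netbios_decode(text: str, upper: bool = False) -> bytes:
    """Reverse netbios_encode; raises ValueError on malformed input."""
    base = ord("A") if upper else ord("a")
    if len(text) % 2:
        raise ValueError("netbios-encoded data must have even length")
    out = bytearray()
    for hi, lo in zip(text[::2], text[1::2]):
        h, l = ord(hi) - base, ord(lo) - base
        if not (0 <= h < 16 and 0 <= l < 16):
            raise ValueError("character outside the netbios alphabet")
        out.append((h << 4) | l)
    return bytes(out)


def find_netbios_params(request_line: str):
    """Return (param, decoded_bytes, variant) for query values that look encoded.

    request_line is a raw HTTP request line, e.g. 'GET /a?b=c HTTP/1.1'.
    """
    parts = request_line.split(" ", 2)
    if len(parts) < 2:
        return []
    query = urlsplit(parts[1]).query
    findings = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        if NETBIOS_RE.match(value):
            findings.append((key, netbios_decode(value), "netbios"))
        elif NETBIOSU_RE.match(value):
            findings.append((key, netbios_decode(value, upper=True), "netbiosu"))
    return findings


# Constructed sample traffic: two encoded values (lower- and upper-case
# alphabets) and one ordinary request that must not be flagged.
SAMPLE_REQUESTS = [
    "GET /news.php?id=gigfgmgmgpcahhgphcgmge HTTP/1.1",
    "GET /index.html?page=about HTTP/1.1",
    "GET /api/v1?session=GIGFGMGMGPCAHHGPHCGMGE&fmt=json HTTP/1.1",
]


def scan_requests(lines):
    """Flatten findings across many request lines."""
    hits = []
    for line in lines:
        hits.extend(find_netbios_params(line))
    return hits


if __name__ == "__main__":
    for param, decoded, variant in scan_requests(SAMPLE_REQUESTS):
        print(f"{variant}: param={param!r} decoded={decoded!r}")
```

The minimum-length threshold keeps false positives down, but any legitimate parameter made only of the letters `a`..`p` and of even length will still match, so treat a hit as a trigger for inspection of the decoded payload rather than as proof of C2 on its own.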
```shell
git clone https://github.com/BC-SECURITY/Empire.git
```
Copyright (c) 2017, Will Schroeder, Justin Warner, Matt Nelson, Steve Borosh, Alex Rymdeko-Harvey, Chris Ross
All rights reserved.