PowerShell Empire

PowerShell Empire - @SeniorDBA

Powershell Empire is described as “a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.”

This powerful tool premiered at BSidesLV in 2015 and is used by penetration testers and hackers all over the world.

“PowerShell Empire is a unique attack framework in that its capabilities and behaviors closely resemble those used by current nation state advanced persistent threat actors,” a 2018 SANS white paper on Empire said.

“Another increasing trend of attackers is that they are leveraging existing tools to carry out their attacks. This is a logical progression since it enables one to remain under the radar by mixing in with legitimate administrative chatter. After all, who needs to execute a binary with a reverse shell payload when you have RDP, psexec, net, cmd, cscript, wmic, wbemtest, mofcomp, PowerShell, etc. at your disposal.”

Download here.

It was also recently announced that there will be no further development of this tool. It is still available, but other tools will continue to build on what this project started. Try these similar PowerShell-based penetration testing tools: Apfell, Covenant, PowerSploit, and Cobalt Strike.
