Over the past few years, attackers have started to realize that the same aspects of PowerShell that make it an excellent Windows automation solution also make it an ideal attack platform. The Empire project aims to bring together various offensive projects into a fully functional malware agent, written purely in PowerShell, that red teams can use offensively and that can be used to train blue teams to defend against these types of attacks. Empire can control remote machines without needing powershell.exe and includes nearly all the capabilities of a traditional remote access tool (RAT): credential stealing, keylogging, screenshotting, and so on, while allowing faster development and extensibility than traditional compiled malware. We’ll also cover the forensic disk and memory footprints of the agent, and how teams can detect and stop offensive toolsets like Empire.
20 Jul 2024