Offensive PowerShell had a watershed year in 2014. But despite the multitude of useful projects, many pentesters still struggle to integrate PowerShell into their engagements in a secure manner. The Empire project aims to solve the weaponization problem by providing a robust PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. This is the post-exploitation agent you’ve been waiting for.
Will Schroeder (@harmj0y) is a security researcher and pentester/red-teamer for Veris Group’s Adaptive Threat Division, and is one of the co-founders and active developers of the Veil-Framework. He has presented at Shmoocon, Carolinacon, Defcon, and Derbycon on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more. A former national lab security researcher, he is happy to finally be in the private sector.
Justin Warner (@sixdub) is a pentester/red-teamer with Veris Group’s Adaptive Threat Division and dabbles in security research when he is feeling inspired. As an Air Force Academy graduate and former USAF Cyber Operations Officer, he gained experience with large scale operations at the national level. Justin has a passion for threat research, reverse engineering, and red team operations. He is an active developer on the Veil-Framework and is a participant in various red team events in the DC area.