Building an EmPyre with Python.

BSidesLV 2016

Presented by: Steve Borosh, Alexander Rymdeko-Harvey, Will Schroeder
Date: Wednesday August 03, 2016
Time: 17:00 - 18:00
Location: Florentine A
Track: Breaking Ground

Many companies are deploying an increasing number of OS X hosts in their corporate networks, presenting a challenge to pentesters traditionally accustomed to Windows toolsets and tradecraft. Red teaming begets creativity, however, and if you encounter a Mac-heavy environment on an engagement, you must adapt and rise to the occasion.

This presentation covers our custom remote access tool, EmPyre, that we built in response to this very challenge. EmPyre is a Python-based RAT heavily focused towards OS X and built on the same secure communications and flexible architecture of the PowerShell Empire project. EmPyre features post-ex modules including keylogging, hash dumping, clipboard stealing, network situational awareness, lateral spread and more, as well as stager options ranging from macros to dylibs. We will also cover components of Mac tradecraft and how one can utilize EmPyre to execute a complete engagement in a predominantly OS X environment.

Will Schroeder

Will Schroeder (@harmj0y) is a security researcher and pentester/red-teamer for Veris Group's Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more. A former national lab security researcher, he is happy to finally be in the private sector.

Steve Borosh

Alexander Rymdeko-Harvey

Alex Rymdeko-Harvey (@killswitch_gui) is a previous U.S. Army Soldier who recently transitioned and currently works at the Adaptive Threat Division at Veris Group as a penetration tester and red teamer. Alex has a wide range of skills and experience from offensive to defensive operations taking place in today's modern environments.
