Explore a comprehensive overview of Empire, the popular post-exploitation framework, in this 50-minute conference talk from Derbycon 2016. Gain insights into Empire's development, community, and key features as presented by Will Schroeder and Matt Nelson. Discover the framework's evolution, including new capabilities like Python Empire, Kerberos module, and Bloodhound integration. Learn about design decisions, packet structure improvements, and various stagers such as HTTP and Internet Explorer. Understand the motivations behind Empire's creation and its impact on the security landscape. Delve into topics like process injection, UAC bypasses, and modular command and control. Witness a live demonstration showcasing Empire's capabilities and potential applications in penetration testing and red team operations.
Overview
Syllabus
Intro
How many people use Empire
The community
Will Schroeder
Matt Nelson
Jeff Snover
Development
Watch Dogs
Meterpreter
Cryptic Key Change
Process Injection
New Features
Python Empire
Empire Drawbacks
Motivations
Design Decisions
General Packet
orphaned agent renegotiation
Kerberos module
Bloodhound module
New UAC bypasses
New Menu
NPI Integration
Language Integration
Interface Integration
Stagers
Modular C2
Staging
HTTP
Internet Explorer
HTV
PHP Pivot
Mature Preliminary
New Packet Structure
ThirdParty Transport
SMB
Demo
