Are you looking to use Empire in a red team engagement? In this course, Command and Control with Empire, you’ll learn how to utilize Empire for command and control in a red team environment. First, you’ll see how to leverage multi-hop proxies for C2. Next, you’ll learn to apply file upload capabilities and registry commands to establish remote access. Finally, you’ll explore how to simulate establishing C2 over a non-standard port. When you’re finished with this course, you’ll have the skills and knowledge to execute ingress tool transfer (T1105), remote access software (T1219), non-standard port (T1571) and multi-hop proxy (T1090.003) using Empire.
Rishalin Pillay has over 12 years of cybersecurity experience and has acquired a vast amount of skills consulting for Fortune 500 companies while taking part in projects performing tasks in network security design, implementation, and vulnerability analysis. He holds many certifications that demonstrate his knowledge and expertise in the cybersecurity field. He is an author and content contributor to a number of books.
Course Overview (Tool Introduction)
Hey there. I'm Rishalin Pillay, and welcome to this Red Team Tools course. You may have heard about APT groups such as APT19, which has targeted a variety of industries, including defense, finance, legal services, and more. What about FIN10, a financially motivated group that uses stolen data to extort organizations? Another well‑known group is CopyKittens, who were responsible for Operation Wilted Tulip. Now you may be wondering, what is so significant about these groups? Well, one of the tools that is common among these APT groups, and a few other groups, is the tool called Empire, commonly referred to as PowerShell Empire. In this course, I will show you how to establish Command and Control with Empire. Empire leverages PowerShell, which is commonly used today. PowerShell is an extremely powerful tool which is used by both administrators and attackers. It has the ability to manage multiple agents and perform multiple post‑exploitation capabilities. Since this is a post‑exploitation framework, it is very robust and contains over 300 modules that can be used. If you are looking for a tool that can be used for Command and Control, please join me in this course where I will show you how to perform Command and Control techniques that are used today by real‑world attackers.