Persistence with Empire
PowerShell has quickly become the standard in enterprise networks. In this course you will learn how to obtain persistence using Empire.
What you'll learn
Are you looking to obtain persistence using Empire? In this course, you’ll cover how to utilize Empire for persistence in a red team environment. First, you’ll demonstrate how to obtain a high integrity persistent agent. Next, you’ll apply registry and WMI attacks for persistence. Finally, you’ll simulate using a specific user for persistence callbacks. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques using Empire: T1547.001, T1548.001, T1546.003, T1136.001, and T1053.002.
Windows PowerShell is a task automation and configuration management framework from Microsoft. PowerShell consists of a command-line shell and the associated scripting language, making it easy for users to navigate.
In this course, you will learn how to establish persistence using Empire. Empire leverages PowerShell, which is a commonly used tool by both administrators and attackers.
Persistence is a technique commonly used by attackers that allows them to maintain an infection or re-infect a machine after events such as changed credentials, system reboots, and even re-imaging of the machine.
PowerShell is an object-oriented scripting language. cmd commands work in PowerShell, and PowerShell supports automation of tasks and background jobs, and is reusable and interactive.
A cybersecurity framework is a set of documents that define the best practices for a specific organization to follow in order to manage and mitigate their cybersecurity risk.