Persistence with Empire

PowerShell has quickly become the standard in enterprise networks. In this course you will learn how to obtain persistence using Empire.
Course info
Level: Intermediate
Updated: Oct 23, 2020
Duration: 23m
Description

Are you looking to obtain persistence using Empire? In this course, you'll cover how to utilize Empire for persistence in a red team environment. First, you'll demonstrate how to obtain a high integrity persistent agent. Next, you'll apply registry and WMI attacks for persistence. Finally, you'll simulate using a specific user for persistence callbacks. When you're finished with this course, you'll have the skills and knowledge to execute techniques T1547.001, T1548.001, T1546.003, T1136.001 and T1053.002 using Empire.

About the author

Rishalin Pillay has over 12 years of cybersecurity experience and has acquired a vast amount of skills consulting for Fortune 500 companies while taking part in projects performing tasks in network security design, implementation, and vulnerability analysis. He holds many certifications that demonstrate his knowledge and expertise in the cybersecurity field. He is an author and content contributor to a number of books.

Section Introduction Transcripts

Course Overview (Tool Introduction)
Hey there. I'm Rishalin Pillay, and welcome to this Red Team tools course. You may have heard about APT groups such as APT19 who has targeted a variety of industries. What about FIN10, who is a financially motivated group who uses stolen data to extort organizations? Another group is the CopyKittens. They were responsible for Operation Wilted Tulip. What is so significant about these groups? Well, one of the tools that they actively use is called Empire, commonly referred to as PowerShell Empire. Once these APT groups establish C2 channels into an environment, the next step is for them to maintain their foothold. This is where persistence comes into play. In this course, I will show you how to establish persistence using Empire. Empire leverages PowerShell, which is predominantly used today. PowerShell is an extremely powerful tool, which is used by both administrators and attackers. Empire has the ability to manage multiple agents and perform multiple post‑exploitation capabilities. It is robust with over 300 modules that can be used. If you are looking for a tool that can be used for persistence, please join me in this course where I will show you how to perform persistence techniques that are used today by real‑world attackers.