Are you looking to obtain persistence using Empire? In this course, you’ll cover how to utilize Empire for persistence in a red team environment. First, you’ll demonstrate how to obtain a high integrity persistent agent. Next, you’ll apply registry and WMI attacks for persistence. Finally, you’ll simulate using a specific user for persistence callbacks. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques using Empire: T1547.001, T1548.001, T1546.003, T1136.001 and T1053.002.
Rishalin Pillay has over 12 years of cybersecurity experience and has acquired a vast amount of skills consulting for Fortune 500 companies while taking part in projects performing tasks in network security design, implementation, and vulnerability analysis. He holds many certifications that demonstrate his knowledge and expertise in the cybersecurity field. He is an author and content contributor to a number of books.
Course Overview (Tool Introduction)

Hey there. I'm Rishalin Pillay, and welcome to this Red Team tools course. You may have heard about APT groups such as APT19 who has targeted a variety of industries. What about FIN10, who is a financially motivated group who uses stolen data to extort organizations? Another group is the CopyKittens. They were responsible for Operation Wilted Tulip. What is so significant about these groups? Well, one of the tools that they actively use is called Empire, commonly referred to as PowerShell Empire. Once these APT groups establish C2 channels into an environment, the next step is for them to maintain their foothold. This is where persistence comes into play. In this course, I will show you how to establish persistence using Empire. Empire leverages PowerShell, which is predominantly used today. PowerShell is an extremely powerful tool, which is used by both administrators and attackers. Empire has the ability to manage multiple agents and perform multiple post-exploitation capabilities. It is robust with over 300 modules that can be used. If you are looking for a tool that can be used for persistence, please join me in this course where I will show you how to perform persistence techniques that are used today by real-world attackers.