Reading 24 - Foodisthebest/401-Reading-Notes GitHub Wiki
Readings: Persistence
Below you will find reading materials and additional resources that support today’s topic and the upcoming lecture.
Review the Submission Instructions for guidance on completing and submitting this assignment.
Reading
PowerShell Empire No Longer Maintained
- While no longer maintained by its original creator as of writing, PowerShell Empire has been forked many times and was used by nation-state actors from 2015 to 2019. The PowerShell Empire project is now actively maintained by BC Security. As you read this article, take note of its original purpose as well as the tactical advantages it offers its users.
What is one of the major advantages of PowerShell Empire?
- It uses encrypted communication with the command-and-control server, which makes its traffic hard to detect, particularly in large networks.
What are some of the APT groups that have been known to use PS Empire and into which step of the Cyber Kill Chain does the use of PS Empire fall?
- Hades and FIN7. PS Empire falls under step 6 of the Cyber Kill Chain.
What are the four main components needed to pull off an attack using PS Empire?
- Listener, Stager, Agent, and Module.