Persistence - focodecided/ops401-cybersecurity GitHub Wiki
1. What is one of the major advantages of PowerShell Empire?
One of the major advantages of PowerShell Empire is that it uses encrypted communication with its command and control server, making it difficult to detect within large networks.
2. What are some of the APT groups that have been known to use PS Empire and into which step of the Cyber Kill Chain does the use of PS Empire fall?
Some APT groups known to use PS Empire include Hades (in the Olympic Destroyer campaign) and FIN7. PS Empire is typically used in the later stages of an attack, after initial infection, for further network exploitation and lateral movement. So it falls into the lateral movement and command and control phases of the Cyber Kill Chain.
3. What are the four main components needed to pull off an attack using PS Empire?
The four main components needed to pull off an attack using PS Empire are:
- A builder component to generate payloads
- Stagers to deploy the payloads
- Agents that run on compromised hosts
- Listeners to communicate with the agents