410 Reading 27 - marsecguy/reading-notes-cyberops GitHub Wiki

PowerShell Empire

1. What is one of the major advantages of PowerShell Empire?

   • By not needing to use powershell.exe, it can bypass anti-virus screens.
   • By using encrypted communication, it is also difficult to detect by searching logs or automated detection tools.

2. What are some of the APT groups that have been known to use PS Empire and into which step of the Cyber Kill Chain does the use of PS Empire fall?

   • Hades
   • FIN7
   • PS Empire falls within the command and control step of the cyber kill chain.

3. What are the four main components needed to pull off an attack using PS Empire?

   • Listener
   • Stager
   • Agent
   • Module

Sources:BleepingComputer Raj Chandel