Things‐I‐want‐to‐know‐more‐about‐ops 401 class 27 reading 27 - reedraheem/Things-I-want-to-know-more-about- GitHub Wiki
Readings: Persistence
What is one of the major advantages of PowerShell Empire?
One of the major advantages of PowerShell Empire is its ability to evade traditional security defenses.
What are some of the APT groups that have been known to use PS Empire and into which step of the Cyber Kill Chain does the use of PS Empire fall?
- APT32 (OceanLotus): A cyber-espionage group with a focus on targeting Southeast Asian countries and organizations. They have used PowerShell Empire in their campaigns to gain and maintain access to compromised systems.
- APT41 (Barium): A Chinese state-sponsored cyber-espionage group known for targeting a wide range of industries and organizations globally. They have used PowerShell Empire to maintain persistence and move laterally within compromised networks.
What are the four main components needed to pull off an attack using PS Empire?
- Listener: The listener is a process that listens for a connection from the machine we are attacking. This is how Empire sends the loot back to the attacker's computer.
- Stager: A stager is a snippet of code that allows our malicious code to be run via the agent on the compromised host.
- Agent: An agent is a program that maintains a connection between your computer and the compromised host.
- Module: Modules are what execute our malicious commands, such as harvesting credentials and escalating our privileges.