Empire draws heavily from the following projects to implement much of its agent’s functionality:
- PowerSploit by @mattifestation, @obscuresec and @JosephBialek
- Posh-SecMod by @Carlos_Perez
- UnmanagedPowerShell by @tifkin_
- PowerShell-AD-Recon by @pyrotek3
- Mimikatz by Benjamin Delpy and Vincent LE TOUX (DCSync function)
And thank you to @ben0xa, @mwjcomputing, and the rest of the offensive PowerShell community! We’ve tried our best to call out everyone involved here and in the author sections of Empire modules as appropriate, but if we’ve forgotten to properly cite someone involved, please let us know and it will be corrected.
Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. It premiered at BSidesLV in 2015.
Developer: Will is a security researcher and red teamer with the Adaptive Threat Division of Veris Group.
Developer: Justin is the Red Team Capability Lead with the Adaptive Threat Division of Veris Group.
Developer: Matt is a red teamer with the Adaptive Threat Division of Veris Group.