Empire & Tool Diversity: Integration is Key

Launching Empire From Meterpreter/Beacon

ReflectiveDLL Method

  • Less impact in process auditing scenarios
  • Use of existing user tokens and proxy settings (i.e. inject into Internet Explorer for cleaner egress)
  • Harder to recognize during initial detection than the “powershell -nop -enc” pattern

Launcher Method

Passing to Metasploit/Cobalt Strike

Conclusion

Tech: Threat Intel | Photographer @ https://www.justinwarnerphoto.com

Justin Warner