Skip to main content

Introduction


Revision History​

DateAuthorSummary
14-OCT-2023TSgt. BernadotteInitial draft
21-MAR-2026CW2 BernadotteExpanded listener types (HTTPS/COM/Malleable), stager comparison, agent interaction/management, pivoting (SOCKS5/proxychains), and obfuscation/evasion sections

Purpose​

This document provides a set of procedures for operators on the basic usage of PowerShell-Empire. By detailing the framework's capabilities, setup, and advanced techniques, this document aims to equip operators with the knowledge and skills required to perform Cyber Threat Emulation activities.

Brief Overview of PowerShell-Empire: PowerShell-Empire is a powerful post-exploitation framework that leverages Microsoft's PowerShell. Since its introduction, it has become a go-to tool for many penetration testers and red teamers due to its versatility in managing compromised systems, pivoting across networks, and bypassing modern security defenses. Its agent-based architecture, along with a number of modules, offers a wide range of capabilities that can simulate advanced persistent threats (APTs) and other sophisticated adversaries.