Introduction
Revision Historyβ
| Date | Author | Summary |
|---|---|---|
| 14-OCT-2023 | TSgt. Bernadotte | Initial draft |
| 21-MAR-2026 | CW2 Bernadotte | Expanded listener types (HTTPS/COM/Malleable), stager comparison, agent interaction/management, pivoting (SOCKS5/proxychains), and obfuscation/evasion sections |
Purposeβ
This document provides a set of procedures for operators on the basic usage of PowerShell-Empire. By detailing the framework's capabilities, setup, and advanced techniques, this document aims to equip operators with the knowledge and skills required to perform Cyber Threat Emulation activities.
Brief Overview of PowerShell-Empire: PowerShell-Empire is a powerful post-exploitation framework that leverages Microsoft's PowerShell. Since its introduction, it has become a go-to tool for many penetration testers and red teamers due to its versatility in managing compromised systems, pivoting across networks, and bypassing modern security defenses. Its agent-based architecture, along with a number of modules, offers a wide range of capabilities that can simulate advanced persistent threats (APTs) and other sophisticated adversaries.