
Conduct high-value penetration tests ethically using PowerShell Empire to strengthen security. Always obtain explicit written permission from authorized network owners.
Kali Login: root / toor
Windows Login: ieuser / Passw0rd!
Begin with a lab to install empire on Kali Linux, cover empire terminology and command-and-control basics, then practice hands-on with Power Shell empire.
Learn Empire terminology for deployment and control: stagers establish connections to the control server, listeners receive those connections, and agents infect hosts, with modules running tasks on the infected system.
Explore how Empire command and control works: deploy a listener on the control server, stage code on the victim, and enable the server to execute modules and receive results.
Conclude module two by reviewing empire installation, listeners and stagers for command and control, and the basic skills to operate the empire framework.
Explore initial code execution and hands-on techniques, including physical access attacks, spear phishing with weaponized documents, malicious applications, and removable media payloads, all with explicit written permission.
Explore physical access attack vectors, from unattended computers to USB drives, and learn techniques to deploy empire stager via compromised terminals, browsers, or removable media.
Explore methods to achieve the initial compromise through social engineering, learn to craft legitimate pretexts, and understand how attackers advance access across networks.
Fortify your initial access after gaining a foothold, survive reboots and antivirus termination, and conduct internal reconnaissance to escalate to a privileged account.
Examine the user land persistence registry model by inserting empire payload into Windows registry run key, with optional data streams or event logs, tested under a low privileged user.
Explore userland persistence with schtasks, creating a low-privilege scheduled task that runs after idle time or at a set time, with Empire cleanup restoring the pre-persistence state.
Explain how Windows user account control enforces process integrity levels and prompts elevation, and show how Empire's UAC bypass module enables testers to bypass UAC in client-side attacks.
Learn how the bypass UAC model uses process injection and a trusted publisher certificate to run privileged commands when UAC is off, demonstrated with Empire agents.
Explore Windows privilege escalation in detail, covering PowerView, UAC bypass, and obtaining system privileges, while noting these techniques are foundational and warrant further study.
Explore lateral movement with empire by pivoting from a Windows 7 VM to a Windows 8 VM using the invoke WMI model and credential reuse.
Record keystrokes with a keystroke logging module, save results to a file, and highlight the potential collection of passwords and emails, all with simple syntax for pen testing.
Explore how attackers move laterally, extract passwords, and siphon data across networks using empire's collection modules to demonstrate impact as a professional tester.
Stay proficient with empire and penetration testing, and continuously learn new skills as hacking evolves. Model attackers' techniques to breach networks and push your organization toward a better security posture.
Penetration Testing with PowerShell Empire teaches you how to harness the awesome power of Windows PowerShell to conduct modern enterprise computer attacks against high security networks. In this course, you will learn how to leverage all of PowerShell Empire's features and capabilities so that you can conduct realistic, high-value penetration tests in high security networks. If you're a pentester and you're not using Empire...you're doing it wrong!