Over at Critical Informatics I wrote a guest blog post about implant beaconing. How and why they're used, and some traffic indicators you might expect to see.
Empire Post Exploitation – Unprivileged Agent to DA Walkthrough
Let's say you've successfully phished a client, and now have an Empire agent on a victim computer. Congratulations! Establishing an initial foothold on a network, with either a .hta link or an office macro (excellent write-up using this method by @enigma0x3), can be one of the hardest parts of pentesting, and most security practices are designed to …
Continue reading Empire Post Exploitation – Unprivileged Agent to DA Walkthrough
Athena: The CIA’s RAT vs Empire
A review of Athena, the CIA's RAT, its features, and how it compares to Empire
Rome Didn’t Fall in a Day: Building A Resilient Empire C2, Part Two
[Originally posted on ImplicitDeny] - This write up is for Empire 1.5, but the same concepts and commands are the same. In Part One we went over the reasons for having a resilient C2 infrastructure, and what it should look like. In summary, we want to have two or more internet accessible servers to host the different …
Continue reading Rome Didn’t Fall in a Day: Building A Resilient Empire C2, Part Two
bneg 