BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework.
This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server architecture written in Python 3 along with extensive agent support.
Unified Architecture and Expanded Agent Support
Empire 6.3.0 continues to streamline operations with its server/client architecture, designed to support multiplayer engagements.
The framework allows multiple operators to collaborate seamlessly while maintaining fully encrypted communications.
A key highlight of this release is the robust support for diverse agent languages, enabling operators to deploy implants across various environments.
| Feature Category | Capabilities and Details |
|---|---|
| Supported Agents | PowerShell, Python 3, C#, IronPython 3, Go |
| Evasion & Security | JA3/S & JARM Evasion, ConfuserEx 2, Invoke-Obfuscation, Encrypted Comms |
| Installation Support | Docker, Kali, ParrotOS, Ubuntu 22.04/24.04, Debian 11/12 |
| Execution Modules | Assembly Execution, BOF Execution, Mimikatz, Rubeus, Seatbelt |
| Compiler Integration | Integrated Roslyn compiler (Covenant) for in-memory .NET execution |
| Interface | CLI Client & Starkiller Web GUI (Git submodule) |
The inclusion of Go agents alongside traditional PowerShell and Python 3 agents significantly broadens the operational scope, allowing for execution on systems where interpreted languages might be restricted.
The integrated Starkiller GUI, now packaged as a Git submodule, provides a modern web interface for remote server management.
This eliminates the need for complex independent setups, as Starkiller interfaces directly with Empire’s API to offer a graphical alternative to the command-line client.
Security evasion remains a priority in version 6.3.0. The framework incorporates JA3/S and JARM evasion techniques to blend traffic profiles and bypass network detection logic.
Installation Quickstart:
bashgit clone --recursive https://github.com/BC-SECURITY/Empire.git
cd Empire
./setup/checkout-latest-tag.sh
./ps-empire install -y
./ps-empire server
Additionally, integrated obfuscation tools like ConfuserEx 2 and Invoke-Obfuscation help mask payloads from antivirus and EDR solutions.
The module library now boasts over 400 supported tools, ranging from Mimikatz and Seatbelt to custom C# assemblies compiled via the integrated Roslyn compiler.
This modular design allows operators to rapidly extend functionality by adding custom plugins or utilizing the flexible module interface for new tools.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
