A researcher has officially released Empire 6.3.0, a significant update to the widely used post-exploitation and adversary emulation framework designed for Red Teams and Penetration Testers.
This latest version reinforces the tool’s modular architecture, offering operator flexibility through a robust server/client model.
Written primarily in Python 3, Empire 6.3.0 continues to streamline remote engagements with built-in encrypted communications and an integrated GUI, Starkiller, which now comes packaged directly as a git submodule to eliminate complex setup requirements.
The core of Empire 6.3.0 relies on a flexible architecture that supports multiplayer campaigns, allowing multiple operators to interact with the server simultaneously.
The update brings support for a wide range of listeners, including HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP, ensuring diverse communication channels for covert operations.
According to BC Security, operators have access to a massive library of over 400 supported tools spanning PowerShell, C#, and Python.
Key integrations include Donut for shellcode generation and the Roslyn compiler (courtesy of Covenant), which enables in-memory .NET assembly execution.

| Feature Category | Capabilities and Details |
|---|---|
| Architecture | Server/Client model with Multiplayer support; Fully encrypted communications |
| Listeners | HTTP/S, Malleable HTTP, OneDrive, Dropbox, PHP |
| Supported Agents | PowerShell, Python 3, C#, IronPython 3, Go |
| Integrations | Donut (shellcode), Roslyn Compiler, Starkiller GUI (built-in) |
| Evasion & Obfuscation | ConfuserEx 2, Invoke-Obfuscation, JA3/S & JARM Evasion, In-memory .NET execution |
| Modules | 400+ tools including Mimikatz, Seatbelt, Rubeus, SharpSploit, Certify |
| Installation Support | Docker, Kali, ParrotOS, Ubuntu 22.04/24.04, Debian 11/12 |

Security researchers can also leverage customizable bypasses and integrated obfuscation techniques using ConfuserEx 2 and Invoke-Obfuscation to evade detection during engagements.
Empire 6.3.0 expands its agent capabilities to support a variety of environments. The framework now includes agents for PowerShell, Python 3, C#, IronPython 3, and Go, allowing for broad compatibility across target systems.
To further aid in evasion, the release incorporates JA3/S and JARM evasion techniques. It also integrates fully with the MITRE ATT&CK framework for mapping adversary behaviors.
Deployment has been simplified with install support for Docker, Kali Linux, ParrotOS, Debian 11/12, and the latest Ubuntu 22.04/24.04 LTS releases.
Users can quickly deploy the server using the provided startup scripts or access the Starkiller web interface for a graphical management experience.
