The BC-SECURITY team has released a major update to its flagship offensive security framework, Empire, introducing enhanced agent capabilities and comprehensive API support designed to streamline post-exploitation operations and adversary emulation for Red Teams and penetration testers worldwide.
Enhanced Features Drive Advanced Operations
Empire’s latest iteration showcases a server/client architecture engineered for multiplayer support, enabling distributed teams to collaborate seamlessly across complex engagements.
The framework maintains fully encrypted communications while supporting multiple listener types, including HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP listeners—providing operators with flexible command-and-control options tailored to diverse network environments.
The updated release expands Empire’s already impressive arsenal to over 400 supported tools spanning PowerShell, C#, and Python modules.
Key integrations include industry-standard offensive tools such as Mimikatz for credential extraction, Seatbelt for host reconnaissance, Rubeus for Kerberos manipulation, and Certify for Active Directory Certificate Services exploitation.
The framework’s Donut integration enables sophisticated shellcode generation, while the modular plugin interface allows teams to customize server features according to specific operational requirements.
Security evasion capabilities receive significant attention with integrated obfuscation using ConfuserEx 2 and Invoke-Obfuscation, complemented by JA3/S and JARM evasion techniques designed to bypass advanced network monitoring solutions.
The framework’s in-memory .NET assembly execution and customizable bypasses ensure minimal forensic footprints during engagements.
Empire’s agent diversity stands as a cornerstone feature, supporting PowerShell, Python 3, C#, IronPython 3, and Go implementations.
This cross-platform compatibility ensures operators can maintain persistent access across heterogeneous environments, from Windows domain controllers to Linux-based cloud infrastructure.
The MITRE ATT&CK integration provides structured mapping of tactics and techniques, enabling teams to align their testing methodologies with established threat modeling frameworks.
Meanwhile, the integrated Roslyn compiler—adapted from the Covenant project—facilitates dynamic code compilation and execution without external dependencies.
Getting started with Empire requires minimal setup. The framework supports installation on Docker, Kali Linux, ParrotOS, Ubuntu 20.04/22.04, and Debian 10/11/12, accommodating diverse operational environments.
Quickstart Process
Initial deployment begins with recursive cloning to ensure all submodules are properly initialized:
git clone --recursive https://github.com/BC-SECURITY/Empire.git
cd Empire
For stable operations, teams should check out the latest tagged release:
./setup/checkout-latest-tag.sh
./ps-empire install -y
Server deployment follows a straightforward command structure:
# Launch the Empire server
./ps-empire server
# Access help documentation
./ps-empire server -h
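The quickstart above depends on two things the article calls out: the recursive clone must leave every submodule initialized, and the tree should sit on a tagged release before installing. The following helper script is an added example, not part of the Empire project; it wraps the same commands and refuses to run the installer from a partial clone. The function names are hypothetical; the repository URL and scripts are those quoted above.

```bash
#!/usr/bin/env bash
# Added example (not Empire's own code): verify the recursive clone before installing.
set -u

# Print the paths that `git submodule status` reports as uninitialized.
# git marks such entries with a leading "-" before the commit hash; status text is read from stdin.
uninitialized_submodules() {
    awk '$1 ~ /^-/ { print $2 }'
}

# Return 0 when the status text on stdin describes a fully initialized submodule tree.
submodules_ready() {
    local missing
    missing=$(uninitialized_submodules)
    [ -z "$missing" ]
}

# Return 0 when the working tree at $1 is checked out at an exact tag (a tagged release).
on_tagged_release() {
    git -C "$1" describe --exact-match --tags >/dev/null 2>&1
}

# Run the article's quickstart, stopping before `install` if the clone is incomplete
# or HEAD is not on a tagged release.
quickstart_checked() {
    git clone --recursive https://github.com/BC-SECURITY/Empire.git || return 1
    cd Empire || return 1
    ./setup/checkout-latest-tag.sh || return 1
    if ! git submodule status --recursive | submodules_ready; then
        echo "uninitialized submodules present; run: git submodule update --init --recursive" >&2
        return 1
    fi
    if ! on_tagged_release .; then
        echo "HEAD is not on a tagged release; refusing to install" >&2
        return 1
    fi
    ./ps-empire install -y
}
```

Call `quickstart_checked` from the directory that should receive the Empire checkout.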
Organizations utilizing the sponsors version benefit from enhanced Starkiller integration, though this requires SSH credentials configured for GitHub access to private repositories.
The companion Starkiller web application provides an intuitive graphical interface that communicates with Empire via its REST API.
As of version 5.0, Starkiller ships as a packaged git submodule, eliminating additional setup requirements while offering operators an alternative to command-line interaction.
This GUI integration supports mixed environments where both Starkiller and traditional Empire clients operate simultaneously, providing flexibility for teams with varying technical expertise levels.
Empire maintains comprehensive documentation through the Empire Wiki, while active community support operates through the official Discord channel.
The framework’s contribution guidelines encourage community development, with detailed instructions available in the project’s GitHub repository.
Installation documentation, advanced configuration options, and operational guidance remain accessible through the BC-SECURITY GitBook, ensuring teams can maximize the framework’s capabilities regardless of their initial expertise level.
With these enhancements, Empire solidifies its position as an essential tool for modern Red Teams conducting adversary emulation and post-exploitation activities across enterprise environments.