BC Security's Empire/Starkiller & Kali Linux
We have always worked to support the information security community as a whole, and over the years we have experimented with different ideas (some with greater success than others). One of the key components of Kali is the tools included (either pre-installed or installed via apt). Bringing together infosec professionals/hobbyists and tool authors, today we are announcing another partnership: Kali has partnered with BC Security.
BC Security is the team currently maintaining the most active fork of Empire. In August 2019, the original maintainers archived the project, but with open-source projects (as long as they don’t break software licenses) other groups can take someone else’s code and improve upon it. This is exactly what BC Security did, forking the project to keep the flame of PowerShell Empire alive.
Empire is a post-exploitation framework whose agents support various Operating Systems (OS). The Windows agent is implemented purely in PowerShell (without powershell.exe!), and the Linux/macOS agent is written in Python 3. Feature rich, with many options to bypass various protections (and easy to modify for custom evasion), Empire is often a favourite for Command and Control (C2) activity.
We first interacted with BC Security when they were porting the original Empire code base (v2.5) from Python 2 to 3 (as Python 2 had reached End of Life in January 2020). This helps ensure Empire is up-to-date and relevant with the modern software stack. They have also put in the time to expand Empire’s features (building on the original authors’ demonstration that malware can be written in PowerShell). BC Security has also created its own Graphical User Interface (GUI), Starkiller, to go alongside Empire.
Under their sponsorware model, in order to get the latest version of Empire & Starkiller, you can sponsor them to get the latest access, use Kali Linux, or wait 30 days until the source code becomes public. We believe the partnership will aid development of the tool (who doesn’t want new features!) while at the same time allowing access to it for as many people as possible.
With the announcement of the partnership, there are new versions being released:
- Empire has reached v3.7
- Starkiller is now at v1.6
```
┌──(kali㉿kali)-[~]
└─$ sudo apt update

┌──(kali㉿kali)-[~]
└─$ sudo apt install -y powershell-empire starkiller

┌──(kali㉿kali)-[~]
└─$ sudo powershell-empire
```