Releases: BC-SECURITY/Empire

v5.9.3

09 Feb 03:52
e73e883

[5.9.3] - 2024-02-09

Added

  • Added option to windows_macro stager to select Excel or Word and AutoOpen or AutoClose (@Cx01N)

Fixed

  • Fixed obfuscation issue in Malleable HTTP listeners and added tests (@Cx01N)
  • Fixed issue that invalid session IDs were accepted by the server (@Cx01N)
  • Fixed skywalker exploit (again) and added tests (@Cx01N)

v5.9.2

31 Jan 07:25
52dcb52

[5.9.2] - 2024-01-31

  • Updated Starkiller to v2.7.2

Fixed

  • Fixed the ForeignKeyConstraint error when refreshing a directory that contains a file with a linked Download (@vinnybod)
  • Downgraded bcrypt to version 4.0.1 to resolve issue in passlib (@Cx01N)

v5.9.1

25 Jan 05:49
a75ee49

[5.9.1] - 2024-01-25

Changed

  • Convert agent task output to string before the BEFORE_TASKING_RESULT_HOOK (@vinnybod)
  • Updated tasklist for PowerShell code to not throw an error when GetOwner fails (@Cx01N)

Fixed

  • Updated Uvicorn to fix issue where an open browser would cause the shutdown to hang (encode/uvicorn#2145) (@vinnybod)
  • Fixed the fastapi app lifecycle not being properly called on shutdown (@vinnybod)
  • Converted listener threads to daemons so they don't hang the shutdown in Python 3.12 and report "RuntimeError: can't create new thread at interpreter shutdown" (@vinnybod)
  • Log warning about ps/ls hooks and filters not being able to parse the JSON output (@vinnybod)

[5.9.0] - 2024-01-20

Added

  • Added validation and execution exceptions for modules to raise (@vinnybod)
  • Added decorators for module generate functions to automatically get the module_source and call finalize_module (@vinnybod)
  • Added execution exception to plugins (@vinnybod)
  • Added RUF rules to ruff config (@vinnybod)
  • Added SIM rules to ruff config (@vinnybod)
  • Added BOF modules to Empire as yamls (@Cx01N)
    • Added ClipBoardWindow-Inject module
    • Added nanodump module
    • Added secinject module
    • Added tgtdelegation module
    • Added TrustedSec's SA modules
  • Added custom certificate path to server config.yaml (@AaronVigal)

Deprecated

  • Returning tuples from module generate functions is deprecated
    • To return a 400, raise a ModuleValidationException
    • To return a 500, raise a ModuleExecutionException
    • Stop using handle_error_message
  • Returning tuples from plugin execution functions is deprecated
    • To return a 400, raise a PluginValidationException
    • To return a 500, raise a PluginExecutionException
  • Loading plugins from a .plugin file is deprecated
    • Use a .py file with a plugin.yaml instead
  • Extending the Plugin class is deprecated
    • Use the BasePlugin class instead

Changed

  • Migrated some Pydantic and FastAPI usage away from deprecated features (@vinnybod)
  • Updated the install script and Docker file from Python 3.12.0 to 3.12.1 (@vinnybod)
  • Upgraded all dependencies with poetry up (@vinnybod)
  • Plugin updates (@vinnybod)
    • Plugins have a plugin.yaml
    • Base plugin class is now BasePlugin
    • Updated plugin documentation
  • Upgraded Black to 23.12.0 (@vinnybod)
  • Upgraded Ruff to 0.1.9 (@vinnybod)
  • Upgraded Seatbelt to 1.2.1 (@Cx01N)

v5.8.4

22 Dec 00:28
59af878

[5.8.4] - 2023-12-22

Fixed

  • Fixed Path variables in EmpireConfig not properly expanding ~ (@vinnybod)

v5.8.3

15 Dec 04:41
53d8775

[5.8.3] - 2023-12-15

Fixed

  • Fixed error in Get-DomainComputer in PowerView when the dnshostname property is missing (@Cx01N)

v5.8.2

09 Dec 22:45
dd7a460

[5.8.2] - 2023-12-09

Fixed

  • Fixed error in generating stager for HTTP Hop listener (@Cx01N)
  • Fixed the publishing of docker images to go to the correct DockerHub coordinate (@vinnybod)

v5.8.1

04 Dec 06:21
f766c95

[5.8.1] - 2023-11-30

  • Updated Starkiller to v2.7.1

Added

  • Add tags search to credentials endpoints (@vinnybod)
  • Allow Starkiller to be disabled (@vinnybod)
  • Allow API port to be configured from the config.yaml (@vinnybod)
  • Add flake8-comprehensions rules to ruff config (@vinnybod)

Changed

  • Upgrade Pydantic to v2 (@vinnybod)
  • Update common FastAPI Dependencies to use 'Annotated' types for simpler code (@vinnybod)
  • Simplify TestClient setup (@vinnybod)
  • Removed usages of deprecated Credentials and Listeners functions (@vinnybod)
  • Remove usages of deprecated Agents functions (@vinnybod)
  • Add typehinting for MainMenu object in modules (@vinnybod)
  • Removed name property from listener start and shutdown functions (@vinnybod)
  • Removed secretsocks as dependency for Python agents (@Cx01N)

Removed

  • Remove unused migration scripts (@vinnybod)

Fixed

  • Fixed the database session management for websocket endpoints (@vinnybod)

[5.8.0] - 2023-11-06

  • Warning: You may run into errors installing things such as nim if you are running the install script on a machine that previously ran it. This is due to permissions changes in the install script. In that case it is recommended to use a fresh machine or to manually remove the offending directories/files.

Added

  • Added automatic tasking for sysinfo for stageless agents (@Cx01N)

Changed

  • Modernized the Python and IronPython agents with new agent and staging code (@Cx01N)
  • Updated listeners to consistently use port 80 and 443 for HTTP traffic by default (@Cx01N)
  • Make the installation of donut conditional on architecture since it doesn't work on ARM (@vinnybod)
    • When donut is invoked but not installed, give a useful warning (@vinnybod)
  • Allow a config to be loaded from an outside directory and the downloads/logs/etc to be stored in an outside directory (@vinnybod)
  • Correct more deprecation warnings for SQLAlchemy and invalid escape sequences (@vinnybod)
  • Updated the ruff minimum Python version to 3.10 and applied fixes to get codebase compliant (@vinnybod)
  • Remove unneeded condition statement from all listeners (@vinnybod)
  • Update Docker build (@vinnybod)
    • Use the official Poetry installer
    • Fix Starkiller trying to auto-update inside the container
    • Pre-install Starkiller as part of the docker build
    • Use Python 3.12
    • Don't use apt for powershell and dotnet
    • DockerHub images now have linux/amd64 and linux/arm64 architectures
  • Dependency changes (@vinnybod)
    • Use BC-Security fork of md2pdf until upstream can support Python 3.12
    • Use a patched version of pysecretsocks that packages asyncore for Python 3.12 support
    • Use docopt-ng for Python 3.12 support
    • Add packaging as a runtime dependency
  • Update install script (@vinnybod)
    • Use pyenv to install Python
    • Use the official Poetry installer
    • Don't run the entire script as root
    • Rewrite the test containers and reuse a templated Dockerfile
    • Add Debian12 support
    • Bump all OS to use Python 3.12
    • Refactor the script to be a bit more readable
    • Condense the test_install_script job
    • Added option to start MySQL service on boot (@Cx01N)

Removed

  • Drop support for Python 3.8 and 3.9

v5.7.3

17 Oct 04:09
9bc4550

[5.7.3] - 2023-10-17

  • Updated Starkiller to v2.6.1
  • Fixed global obfuscation not working on modules (@Cx01N)
  • Added bypass module in PowerShell to run bypasses after agent is staged (@Cx01N)
  • Fixed IronPython and Python stagers not getting obfuscation applied (@Cx01N)

[5.7.2] - 2023-09-28

  • Updated Dropbox C2 to use new API endpoints (@Cx01N)
  • Standardized Kill Date and Working Hours for PowerShell Agents (@Cx01N)
  • Apply fixes for future Python 3.12 compatibility (@vinnybod)
  • Add additional rulesets to ruff linting (@vinnybod)

[5.7.1] - 2023-09-25

[5.7.0] - 2023-09-17

  • Add avatars to users (@vinnybod)
  • Update plugin documentation, update embedded plugins to not abuse notifications (@vinnybod)
  • Add additional pre-commit hooks for code cleanup (@vinnybod)
  • Report test coverage on pull requests (@vinnybod)
  • Fixed issue with multiple parameters not executing in IronPython for C# tasks (@Cx01N)
  • Fix for spawnas not generating bat file (@wizquaza)
  • Fixed taskings for OneDrive listener (@Hubbl3)

v5.6.4

08 Sep 05:50
57a2fea

[5.6.4] - 2023-09-08

  • Added Stix2 to dependency list for Advanced Reports (@Cx01N)
  • Fixed C# module imports for IronPython agent (@Cx01N)
  • Updated Invoke-DllInjection.ps1 (@Signum21)
  • Fix nimble install error (@fukusuket)

v5.6.3

27 Aug 22:09
5b2ad2c

[5.6.3] - 2023-08-27

  • Updated Starkiller to v2.5.3
  • Added Advanced Reporting Plugin and dependencies (@Cx01N)
  • Pin linters in the workflow
  • Catch error when starting up database that was seeded by an older version of Empire (@vinnybod)
  • Updated Windows BAT launcher to use Base64 for all payloads (@Cx01N)

[5.6.2] - 2023-08-09

  • Update the github issue templates to use forms (@vinnybod)
  • Fix issue with option validator throwing error for strict non-required options (@vinnybod)
  • Allow Starkiller to load even if the git pull fails, provided the directory exists (@vinnybod)
  • Update listener descriptions to not specify languages since Empire supports more languages now

[5.6.1] - 2023-08-02

[5.6.0] - 2023-07-25

  • Upgrade dependencies
  • Upgrade Dockerfile to bullseye and 3.11.4
  • Allow download_service to accept a pathlib.Path object to create a download (@vinnybod)
  • Fix file option for listeners, stagers, plugins (@vinnybod)
  • Add tags to Listeners, Agents, Agent Tasks, Plugin Tasks, Credentials, and Downloads (@vinnybod)
    • Add endpoints to add, edit, and delete tags for each resource type
    • Add tag list endpoint
    • Add tag filters to Agent Tasks, Plugin Tasks, and Downloads
    • Add events for new and updated tags
  • Fix user filters for tasks to include tasks without any users (@vinnybod)
  • Refactor stager and listener tests to work better in parallel (@vinnybod)
  • Add an Invoke-PhishingLNK module (@0xFFaraday)
  • Fix changelog link in README (@theguly)