Releases: BC-SECURITY/Empire

v5.11.4

04 Sep 04:36
21880d8

[5.11.4] - 2024-09-04

Added

  • Added nameserver check for linux hosts (@0x636f646f)

[5.11.3] - 2024-09-04

Changed

  • Updated Rubeus to v2.3.2 (@Cx01N)

Fixed

  • Fixed Rubeus error where only first arg was being used (@Cx01N)
  • Fixed background jobs checking in continuously (@Cx01N)
  • Fixed Rubeus killing agent when certain options were given that use System.Environment.Exit (@Cx01N)
  • Fixed option parsing error in credential/tokens module (@Cx01N)
  • Removed requirement for credid for mimikatz/pth (@Cx01N)

v5.11.2

08 Aug 19:16
edab367

[5.11.2] - 2024-08-08

  • Added Route4Me to sponsor page on Empire (@Cx01N)
  • Fixed global obfuscation bug in listener staging (@Cx01N)

[5.11.1] - 2024-07-23

Changed

  • Updated Ruff to 0.5.3 and added additional Ruff rules (@vinnybod)

Fixed

  • Removed duplicate code for ironpython agent for loading path resetting (@Cx01N)
  • Fixed issue of Sharpire taskings not getting assigned correct id (@Cx01N)

[5.11.0] - 2024-07-14

Added

  • Added threaded jobs for powershell tasks using Appdomains (@Cx01N)
  • Added job tracking for all tasks in Sharpire (@Cx01N)
  • Updated agents to track all tasks and removed only tracking jobs (@Cx01N)
  • Added Invoke-BSOD modules (@Cx01N)
  • Added ticketdumper ironpython module (@Hubbl3)
  • Added ThreadlessInject module (@Cx01N)

Fixed

  • Fixed issue in python agents where background jobs failed due to a missing character (@Cx01N)
  • Fixed task bundling for the c# server plugin (@Cx01N)
  • Fixed missing New-GPOImmediateTask in powerview (@Cx01N)
  • Fixed NET45 missing folder causing a compilation error (@Cx01N)
  • Fixed NET45 files not being removed on server reset (@Cx01N)

Changed

  • Converted C# server plugin to use plugin taskings (@Cx01N)
  • Upgraded Ruff to 0.5.0 and Black to 24.4.2 (@vinnybod)
  • Added pylint-convention (PLC), pylint-error (PLE), pylint-warning (PLW), and pylint-refactor (PLR) to ruff config (@vinnybod)

v5.10.3

23 May 03:41
8283bbc

[5.10.3] - 2024-05-23

Changed

  • Updated the default value for Sharpup to audit (@Cx01N)
  • Updated the default value for Seatbelt to AntiVirus (@Cx01N)
  • Updated the default value for SharpWMI to action=query (@Cx01N)
  • Updated the default value for SharpSC to action=query service= (@Cx01N)
  • Updated GetSystem to require admin (@Cx01N)
  • Updated the default value for Moriarty to --debug (@Cx01N)

Fixed

  • Fixed issue with generate_agent having a mismatched function name for stageless (@Cx01N)
  • Fixed parsing issue for C# portscan with commas (@Cx01N)
  • Fixed error for PrivExchange with missing System.XML.dll (@Cx01N)

Removed

  • Removed BypassUACGrunt due to compatibility with only Covenant (@Cx01N)
  • Removed BypassUACCommand due to compatibility with only Covenant (@Cx01N)

v5.10.2

05 May 18:54
f1970a7

[5.10.2] - 2024-05-05

  • Updated Starkiller to v2.8.1

v5.10.1

03 May 01:55
e6d1cbd

[5.10.1] - 2024-04-26

  • Updated Starkiller to v2.8.0

Added

  • Added removal of starkiller directory to server reset (@Cx01N)

Fixed

  • Fixed missing .NET 4.5 DLLs (@Cx01N)
  • Fixed run_as_user issue when dealing with directories (@Cx01N)
  • Fixed missing clr package for IronPython standard library (@Cx01N)

[5.10.0] - 2024-04-08

Added

  • Added dependabot for github actions dependencies (@vinnybod)
  • Added install option to ./ps-empire file (@Cx01N)
  • Added auto pull options for submodules on startup (@Cx01N)
  • Added hook and socket message to receive callback messages for individual agents (@AaronVigal)
  • Added sacrificial Spawn Process bof (@Cx01N)
  • Added suggested values to most modules (@Cx01N)
  • Added continuous, error, and completed tasking statuses (@Cx01N)
  • Added continuous and error plugin statuses (@Cx01N)
  • Added Moriarty module (@Cx01N)
  • Added .NET 4.5 compile option (@Cx01N)

Changed

  • Updated all dependencies (@vinnybod)
  • Updated Dockerfile and install script to Python 3.12.2 (@vinnybod)
  • Updated starkiller sync to no longer require root (@Cx01N)
  • Changed file permissions for empire and listener logs to be non-root (@Cx01N)

Fixed

  • Fixed issue loading openapi.json (@vinnybod)
  • Fixed issue when False is given for options and option is appended with 'False' (@Cx01N)
  • Fixed module generation error in ComputerDetails (@Cx01N)

v5.9.5

22 Feb 06:44
dc5840e

[5.9.5] - 2024-02-22

  • Updated Starkiller to v2.7.3

v5.9.4

17 Feb 20:41
a42e541

[5.9.4] - 2024-02-17

Fixed

  • Fixed downloads for C# agent (@Cx01N)

v5.9.3

09 Feb 03:52
e73e883

[5.9.3] - 2024-02-09

Added

  • Added option to windows_macro stager to select Excel or Word and AutoOpen or AutoClose (@Cx01N)

Fixed

  • Fixed obfuscation issue in Malleable HTTP listeners and added tests (@Cx01N)
  • Fixed issue that invalid session IDs were accepted by the server (@Cx01N)
  • Fixed skywalker exploit (again) and added tests (@Cx01N)

v5.9.2

31 Jan 07:25
52dcb52

[5.9.2] - 2024-01-31

  • Updated Starkiller to v2.7.2

Fixed

  • Fixed the ForeignKeyConstraint error when refreshing a directory that contains a file with a linked Download (@vinnybod)
  • Downgraded bcrypt to version 4.0.1 to resolve issue in passlib (@Cx01N)

v5.9.1

25 Jan 05:49
a75ee49

[5.9.1] - 2024-01-25

Changed

  • Convert agent task output to string before the BEFORE_TASKING_RESULT_HOOK (@vinnybod)
  • Updated tasklist for powershell code to not throw error when GetOwner fails (@Cx01N)

Fixed

  • Updated Uvicorn to fix issue where an open browser would cause the shutdown to hang (encode/uvicorn#2145) (@vinnybod)
  • Fixed the fastapi app lifecycle not being properly called on shutdown (@vinnybod)
  • Converted listener threads to daemons so they don't hang the shutdown in Python 3.12 and report RuntimeError: can't create new thread at interpreter shutdown (@vinnybod)
  • Log warning about ps/ls hooks and filters not being able to parse the JSON output (@vinnybod)

[5.9.0] - 2024-01-20

Added

  • Added validation and execution exceptions for modules to raise (@vinnybod)
  • Added decorators for module generate functions to automatically get the module_source and call finalize_module (@vinnybod)
  • Added execution exception to plugins (@vinnybod)
  • Added RUF rules to ruff config (@vinnybod)
  • Added SIM rules to ruff config (@vinnybod)
  • Added BOF modules to Empire as yamls (@Cx01N)
    • Added ClipBoardWindow-Inject module
    • Added nanodump module
    • Added secinject module
    • Added tgtdelegation module
    • Added TrustedSec's SA modules
  • Added custom certificate path to server config.yaml (@AaronVigal)

Deprecated

  • Returning tuples from module generate functions is deprecated
    • To return a 400, raise a ModuleValidationException
    • To return a 500, raise a ModuleExecutionException
    • Stop using handle_error_message
  • Returning tuples from plugin execution functions is deprecated
    • To return a 400, raise a PluginValidationException
    • To return a 500, raise a PluginExecutionException
  • Loading plugins from a .plugin file is deprecated
    • Use a .py file with a plugin.yaml instead
  • Extending the Plugin class is deprecated
    • Use the BasePlugin class instead

Changed

  • Migrated some Pydantic and FastAPI usage away from deprecated features (@vinnybod)
  • Updated the install script and Docker file from Python 3.12.0 to 3.12.1 (@vinnybod)
  • Upgraded all dependencies with poetry up (@vinnybod)
  • Plugin updates (@vinnybod)
    • Plugins have a plugin.yaml
    • Base plugin class is now BasePlugin
    • Updated plugin documentation
  • Upgraded Black to 23.12.0 (@vinnybod)
  • Upgraded Ruff to 0.1.9 (@vinnybod)
  • Upgraded Seatbelt to 1.2.1 (@Cx01N)