In November, Kali announced a new program for supporting tool developers, which kicked off with sponsoring Byt3Bl33d3r. We are excited to announce that we will be partnering with Kali in this endeavor and believe that Kali’s program is a great thing for the longevity of open source projects and the infosec community. With these changes, beginning January, we will be granting Kali users and Sponsors 30-day exclusive early access to Empire and Starkiller before the code gets publicly released to our repositories, you can check out more in their blog post.
When we first started updating Empire, it was to explore the continued viability of an older framework. At the time, the original project was archived and our fork had initially been published to support Vinnybod, Cx01N, and Hubbl3’s DEFCON 27 workshop Introduction to Sandbox Evasion and AMSI Bypasses and Recon Village talk: Hack to Basics – Adapting Exploit Frameworks to Evade Microsoft ATP. The goal was to ensure that students had a working copy of Empire that highlighted how simple evasion updates allowed a well-known C2 framework to remain viable against some modern defenses.
In addition, Empire served as a platform for testing new ideas and concepts that were later adopted into the project: Multi-User Server, Malleable C2 Listener, Chat Server, etc. At some point along the way, our fork started to get some attention and Offensive Security reached out to us to see if we would be interested in updating it to Python 3 since Kali was moving away from Python 2.7. We’ve since finished that migration and continued to update Empire consistently with bug fixes and features, and it became the un(official) version of Empire.
After discussing some common preferences between users, we found that our team (and the community) was split between wanting to use Command Line Interfaces (CLIs) and Graphical User Interfaces (GUIs). After some arguing and finally agreeing that there is no right answer, Starkiller was born. Starkiller is our cross-platform GUI for Empire, which gives an option to those who prefer a GUI.
While maintaining these codebases has been fun, it takes a considerable amount of free time and is mostly a labor of love by Cx01N, Hubbl3, and Vinnybod. So this brought us to an interesting crossroads: How do we prioritize tool development and balance it with red team assessments and training?
There were many options that we entertained so we could continue to dedicate time to developing tools because we enjoy doing it and we want to maintain accessibility for the wider community. We finally landed on adopting Byt3bl33d3r’s sponsorware model. His framework is similar to what was outlined in Caleb Porzio’s Introduction of Sponsorware article, which allows developers to receive compensation for their tools through sponsorship.
Our initial rollout included sponsorship goals to work on features, since our team receives a couple of requests a week for custom tools and new features from hobbyists and large companies. As these goals were met, we would release these to the general public for everyone to enjoy. We granted sponsors access to some of the custom tools that we built for in-house use.
We currently give sponsors access to:
- Sponsor version of Starkiller (includes Chatrooms, GUI File Browser, Pop-out Windows, etc.)
- Pop-out windows were moved to the public repository after hitting our first goal of 5 sponsors.
- Empire plugins (ATT&CK Emulation, Custom PDF Reports, etc.)
This brings us to our newest endeavor with Offensive Security and Kali. Recently they began offering sponsorship opportunities towards the end of 2020, which we were lucky enough to be apart of. This partnership will give Kali and Sponsors 30-day exclusive early access to Empire and Starkiller prior to any major release. After that, we will publish the release on our public repository for anyone to access.
One of the biggest changes for us will be a more consistent release schedule. For most users, this won’t be changing much. What you will see now are fewer, more substantive releases. The flow for releasing features is quite a simple process…
In reality, not much is changing to the end-user. If you’d like to submit a pull request to Empire, you will still submit it to the dev branch on the public repository. If you just want to use Empire, you can pull the master branch (or tagged release) from GitHub or install and run it through Kali’s using:
sudo apt install powershell-empire sudo powershell-empire
But what about bug fixes?
We will be pushing out bug fixes to the private and public repos as they come out. We want to provide a great user experience to all and there will be NO delays to bug fix releases.
We have a lot of updates planned for Empire. Here are just a few that we have in the works:
- A new Empire CLI is currently in Open Beta and will be packaged with Empire in our upcoming release.
- We are in the process of rolling out the ability for users to use higher performance databases for team engagements.
- A C# agent is in the works, which will bring new capabilities to Empire.
- An interactive agent shell in Starkiller
Kali users and direct Sponsors will have 30 days of exclusive early access to the new Empire and Starkiller releases. After 30 days, we will push out the releases to the public repository. If you want to benefit from Kali’s 30-day exclusivity, just install Empire on Kali using
apt install powershell-empire and Starkiller using
apt install starkiller
Certain sponsor-only Starkiller features such as the file browser and chat widget will continue to be available only to sponsors until sponsorship goals are reached. When a goal is reached, the feature will be moved to Kali for 30 days and then released publicly.
The post Kali and BC Security Partnership appeared first on BC Security.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.