PowerShell Empire
E192912
PowerShell Empire is a post-exploitation and adversary emulation framework that leverages PowerShell for stealthy command-and-control and offensive security operations.
All labels observed (1)
| Label | Occurrences |
|---|---|
| PowerShell Empire canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1717799 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: PowerShell Empire Context triple: [Kali Linux, includesTool, PowerShell Empire]
-
A.
PowerShell
PowerShell is a task automation and configuration management framework from Microsoft, featuring a powerful command-line shell and scripting language built on .NET.
-
B.
Carnegie Mellon University Red Team
The Carnegie Mellon University Red Team was a pioneering robotics group from Carnegie Mellon that developed autonomous vehicles and gained prominence for its strong performance in DARPA’s early self-driving car competitions.
-
C.
SolarWinds
SolarWinds is an American software company best known for its IT infrastructure management tools and for being at the center of a major 2020 supply-chain cyberattack.
-
D.
Kali Linux
Kali Linux is a Debian-based Linux distribution specifically designed for digital forensics and penetration testing, widely used by security professionals and ethical hackers.
-
E.
Reaver (WPS attack tool)
Reaver is a specialized Wi-Fi security tool designed to exploit vulnerabilities in the WPS (Wi-Fi Protected Setup) protocol in order to recover WPA/WPA2 passphrases.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: PowerShell Empire Target entity description: PowerShell Empire is a post-exploitation and adversary emulation framework that leverages PowerShell for stealthy command-and-control and offensive security operations.
-
A.
PowerShell
PowerShell is a task automation and configuration management framework from Microsoft, featuring a powerful command-line shell and scripting language built on .NET.
-
B.
Carnegie Mellon University Red Team
The Carnegie Mellon University Red Team was a pioneering robotics group from Carnegie Mellon that developed autonomous vehicles and gained prominence for its strong performance in DARPA’s early self-driving car competitions.
-
C.
SolarWinds
SolarWinds is an American software company best known for its IT infrastructure management tools and for being at the center of a major 2020 supply-chain cyberattack.
-
D.
Kali Linux
Kali Linux is a Debian-based Linux distribution specifically designed for digital forensics and penetration testing, widely used by security professionals and ethical hackers.
-
E.
Reaver (WPS attack tool)
Reaver is a specialized Wi-Fi security tool designed to exploit vulnerabilities in the WPS (Wi-Fi Protected Setup) protocol in order to recover WPA/WPA2 passphrases.
- F. None of above. chosen
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf |
adversary emulation framework
ⓘ
command-and-control framework ⓘ offensive security tool ⓘ post-exploitation framework ⓘ |
| developedFor |
penetration testing
ⓘ
red team operations ⓘ security research ⓘ |
| feature |
HTTP C2 channel
ⓘ
HTTPS C2 channel ⓘ Mimikatz integration ⓘ PowerShell agent ⓘ credential harvesting ⓘ encrypted communications ⓘ fileless post-exploitation ⓘ lateral movement ⓘ listener management ⓘ modular architecture ⓘ named pipe C2 channel ⓘ obfuscation options ⓘ persistence mechanisms ⓘ plugin system ⓘ stager generation ⓘ staging over PowerShell ⓘ |
| hasComponent |
Empire agent
ⓘ
Empire listeners ⓘ Empire modules ⓘ Empire server ⓘ |
| isWrittenIn |
PowerShell
ⓘ
Python ⓘ |
| license |
BSD license
ⓘ
surface form:
BSD 3-Clause License
|
| primaryUse |
adversary emulation
ⓘ
command and control ⓘ post-exploitation ⓘ red teaming ⓘ |
| programmingLanguage | PowerShell ⓘ |
| securityDomain |
offensive security
ⓘ
post-exploitation ⓘ |
| supportsOperation |
bypass of application whitelisting
ⓘ
data exfiltration ⓘ keylogging ⓘ network reconnaissance ⓘ pivoting ⓘ privilege escalation ⓘ script execution ⓘ shell command execution ⓘ |
| supportsPlatform |
Linux
ⓘ
Windows ⓘ macOS ⓘ |
| usesTechnology |
.NET Framework
ⓘ
PowerShell Remoting ⓘ Windows management infrastructure ⓘ
surface form:
Windows Management Instrumentation
|
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: PowerShell Empire Description of subject: PowerShell Empire is a post-exploitation and adversary emulation framework that leverages PowerShell for stealthy command-and-control and offensive security operations.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.