Empire 5.8 and Starkiller 2.7 – Recap and Highlights

We recently released Empire 5.8 and Starkiller 2.7. Sometimes, we forget to highlight the cool new features or changes as they release. So, in addition to covering the Empire 5.8 / Starkiller 2.7 changes, this will also recap some of the things from the recent releases you may have missed.

The full changelogs can be found here: Empire | Starkiller

Tags – Empire 5.6 / Starkiller 2.5

This allows arbitrary tagging of different elements within Empire, allowing operators to keep their engagement organized. It also enables automation for plugins. There’s more detail on this in the tagging blog post.

Tagging feature in Starkiller

Notifications – Starkiller 2.6

Previously, real-time alerts would pop up in the corner of Starkiller. While this might work for a small one-person engagement, it doesn’t scale well when there are multiple operators and lots of events firing. Now all events are kept tidy within the notification bell and can be viewed on the notifications page.

Notifications in Starkiller

Subscribing to Agent Task Results – Starkiller 2.6

This change to notifications lets us send all task results to the notifications page. Operators can also subscribe to or unsubscribe from individual agents.

Subscribe and unsubscribe to agent results

A much-requested feature. The Starkiller homepage for the sponsors’ build is a dashboard giving top-level data about agents, listeners, and credentials.

Sponsor dashboard overview

Sponsor dashboard details

Starkiller Terminal – Starkiller 2.6

Sponsors have had a version of this feature for a while now, but we’ve made it better and rolled it out to the public version now as well. The terminal allows for executing shell commands, modules, and most things available from the “interact” menu on the Empire client — type shell to drop into an “interactive” mode.

Starkiller terminal

ANSI Formatting – Starkiller 2.4

Some modules will output their data with ANSI coloring. Previously, Starkiller would display the ANSI codes as text. Now, the task outputs display ANSI coloring.

ANSI color formatting

Advanced Filtering – Starkiller 2.5

The advanced filtering widget has been expanded to most list views.

Advanced filtering

IronPython SMB Agents/Listeners – Empire 5.5

We have noticed for a while that Empire has been missing an important peer-to-peer lateral technique. Since we have been shifting a lot of our TTPs in Empire to focus on IronPython, we incorporated an SMB agent that allows multiple IronPython agents to communicate with one another.

IronPython SMB agent

Python Obfuscation – Empire 5.5

Most Linux endpoints aren’t running an EDR solution, but in the rare case you do encounter one, Empire now includes Python obfuscation for agents and modules.

Python obfuscation

Exegol – Empire 5.8

Exegol is a community-driven hacking environment powered by Docker and Python. Empire has recently been added to its arsenal of tools!

General Install Maintenance – Empire 5.8

Empire 5.8 is very much a housekeeping update. Just take a look at the changelog.

There are lots of dependency updates, a revamp of the install script, changes to help support Exegol, Python version support updates (added 3.12, removed 3.8 & 3.9), Debian 12 support, and an ARM64 Docker image! Also, new linting rules, listener refactoring, and rewritten Python agent code.

Overhaul of the IronPython and Python Agent Code – Empire 5.8

The Python agent code has been neglected for quite some time, and it finally got a complete overhaul. We broke out functionality into Staging and MainAgent code, providing consistency and allowing different communication profiles to be easily dropped in.

IronPython and Python agent overhaul

Preview – Beta Empire Launcher

With the amount of work it takes to maintain a multi-Linux-flavor install script, we looked at alternatives. We have Docker images, but the documentation on how to use them is spotty, and we still recommend the install script as the preferred method.

The Empire Launcher aims to simplify this process — one bash command installs the launcher, a thin wrapper around Docker Compose. From there:

  • empire up spins up an Empire instance and MySQL database
  • empire down turns it off
  • empire destroy wipes it all

Additional commands support dumping the database, tailing logs, and using the client.

If this sounds interesting to you, and you want to provide early feedback, it’s available on the BC-SECURITY/Empire-Launcher dev branch. Feedback can be shared in our Discord!

Empire Launcher preview
