Empire Ops

Empire Ops

Hands-on operator training for BC Security's Empire C2. Learn C2 fundamentals, listeners, stagers, agents, OPSEC, modules, bypasses, malleable C2, plugins, and more through scenario-driven labs.

Learn More Buy Now

Course Overview

Empire Ops is a practical, operator-focused course that teaches how to configure, operate, and extend the Empire C2 platform. You'll learn how to safely run listeners and stagers, manage multi-agent tasking, customize network traffic, build bypasses, and execute post-exploitation tradecraft through guided exercises and a final CTF.

Learn More

What You'll Learn

A structured, lab-driven curriculum that takes you from C2 fundamentals to advanced operations and customization.

Get Full Access

  • Enroll to unlock all lessons, hands-on labs, and the final CTF.

Background & Essentials

  • Core C2 concepts and operator OPSEC
  • Empire architecture and tooling: REST API, Starkiller
  • YAML-based workflows and configuration best practices

Listeners, Stagers, and Agents

  • HTTP and HTTP COM listeners: critical options and trade-offs
  • Staged vs. stageless launchers: when to use each
  • Payload builders: multi-launcher, executable, and shellcode
  • Agent families: PowerShell, Python, C#, and Go

Modules & Post-Exploitation

  • Situational awareness: Seatbelt, PortScan, SauronEye
  • Privilege escalation and persistence: UAC bypass, Get-System, scheduled tasks
  • Lateral movement: PsExec, PSRemoting
  • Credential access: Mimikatz, SharpChromium
  • Code execution: Invoke-Shellcode, Execute Assembly, BOF

Linux & Empire

  • Operating Linux agents and integrating workflows
  • Labs: command injection and privilege escalation
  • BYO stager patterns and Metasploit integration

Server Management & Customization

  • Obfuscation pipelines: Invoke-Obfuscation, keyword filtering
  • File, user, and module management; multi-agent tasking
  • Traffic profiles: agent fields, profile anatomy, malleable C2

Bypasses, Macros, Plugins, Integrations

  • AMSI.fail and custom bypass development
  • Macro stagers: creation and hardening
  • Plugin development with the event model; NXC plugin
  • Metasploit integration including EternalBlue

CTF & Wrap-Up

  • Final CTF to validate end-to-end tradecraft