Agents in PowerShell Empire
An agent in PowerShell Empire is the persistent post-exploitation implant that runs on the compromised system after a successful stager has executed. It acts as the primary communication interface bet
Role in the Attack Lifecycle
| Phase | Role of Agent |
|---|---|
| Post-Exploitation | Executes commands, scripts, modules |
| Persistence | Can survive reboots and re-establish communication |
| Lateral Movement | Facilitates spreading across a network |
| Exfiltration | Transfers sensitive data back to the C2 |
Lifecycle Overview
- Stager is executed on the target system.
- The stager downloads and executes the full agent.
- The agent establishes a secure, encrypted channel back to the Empire listener.
- The attacker can now:
  - Run commands
  - Upload/download files
  - Move laterally
  - Persist or clean up
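
From the defender's side, the lifecycle above leaves a trail in endpoint telemetry: a PowerShell launch, then repeated connections from that same process to one destination. The following is an added example, not code from the original page or from Empire. The event tuples, hosts and addresses are constructed, the thresholds are assumptions, and it assumes the agent checks in with its listener at a roughly steady interval.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed telemetry, loosely modelled on Sysmon event 1 (process
# creation) and event 3 (network connection). Hosts, GUIDs and
# addresses are made up: (ts_seconds, host, event_id, proc_guid, value)
EVENTS = [
    (100, "ws01", 1, "A", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (101, "ws01", 3, "A", "203.0.113.10:443"),   # first fetch after launch
    (106, "ws01", 3, "A", "203.0.113.10:443"),
    (111, "ws01", 3, "A", "203.0.113.10:443"),
    (116, "ws01", 3, "A", "203.0.113.10:443"),
    (200, "ws02", 1, "B", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (203, "ws02", 3, "B", "198.51.100.7:443"),   # single download, no channel
    (300, "ws03", 1, "C", r"C:\Program Files\Browser\browser.exe"),
    (301, "ws03", 3, "C", "203.0.113.10:443"),
    (306, "ws03", 3, "C", "203.0.113.10:443"),
    (311, "ws03", 3, "C", "203.0.113.10:443"),
    (316, "ws03", 3, "C", "203.0.113.10:443"),
]

def find_callback_chains(events, min_callbacks=4, max_cv=0.25):
    """Return processes that match the stager -> agent -> channel pattern:
    a PowerShell launch followed by repeated, evenly spaced connections
    from the same process to one destination."""
    shells = {}                      # (host, guid) -> launch time
    conns = defaultdict(list)        # (host, guid, dest) -> timestamps
    for ts, host, eid, guid, value in sorted(events):
        if eid == 1 and value.lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
            shells[(host, guid)] = ts
        elif eid == 3 and (host, guid) in shells:
            conns[(host, guid, value)].append(ts)
    findings = []
    for (host, guid, dest), times in conns.items():
        if len(times) < min_callbacks:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means a near-constant check-in interval
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            findings.append({"host": host, "guid": guid, "dest": dest,
                             "callbacks": len(times), "interval": avg})
    return findings

if __name__ == "__main__":
    for f in find_callback_chains(EVENTS):
        print(f)
```

Only the `ws01` process is reported: the `ws02` PowerShell session made a single connection, and the `ws03` connections come from a non-PowerShell image.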