Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow

DerbyCon 8.0 - Evolution

Presented by: Walter Legowski
Date: Friday October 05, 2018
Time: 12:00 - 12:50
Location: Kentucky E
Track: Track 3

Empire & BloodHound are two great Post-Exploitation Tools. Since I am a PowerShell fanboy, I decided to glue them together, just to see what could happen... and so I created 3 modules: EmpireStrike - to control Empire Server(s). CypherDog - to interact with the BloodHound Database. EmpireDog - to automate CypherDog/EmpireStrike interactions. In this presentation I will demonstrate how to add the Empire infrastructure to the BloodHound Graph and control both BloodHound & multiple Empire servers from a single PowerShell prompt, with changes to Empire automatically reflected in the BloodHound Database and Graph.

Walter Legowski

French guy living in the Netherlands. PowerShell Automation Engineer by day, n00bing around InfoSec by night. Like Lego Bricks, Tools-Tools-Tools, and PowerShell. Like to build things to challenge myself and learn new stuff. Spoke at BSides Amsterdam, PSConfAsia & PSConfEurope. Won the photoshop face-swap contest last year and thus needed to find another way to come to Derby this year. Really would love to get Iced... so made a really cool tool.

