Building an EmPyre with Python.

Presented at BSidesLV 2016, Aug. 3, 2016, 5 p.m. (60 minutes)

Many companies are deploying an increasing number of OS X hosts in their corporate networks, presenting a challenge to pentesters traditionally accustomed to Windows toolsets and tradecraft. Red teaming begets creativity, however, and if you encounter a Mac-heavy environment on an engagement, you must adapt and rise to the occasion. This presentation covers our custom remote access tool, EmPyre, that we built in response to this very challenge. EmPyre is a Python-based RAT heavily focused towards OS X and built on the same secure communications and flexible architecture as the PowerShell Empire project. EmPyre features post-ex modules including keylogging, hash dumping, clipboard stealing, network situational awareness, lateral spread and more, as well as stager options ranging from macros to dylibs. We will also cover components of Mac tradecraft and how one can utilize EmPyre to execute a complete engagement in a predominantly OS X environment.


  • Will Schroeder / @harmj0y - Security Researcher, Adaptive Threat Division - Veris Group, LLC
    Will Schroeder (@harmj0y) is a security researcher and pentester/red-teamer for Veris Group's Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more. A former national lab security researcher, he is happy to finally be in the private sector.
  • Alexander Rymdeko-Harvey - Penetration Tester / Red Teamer - Veris Group, LLC
    Alex Rymdeko-Harvey (@killswitch_gui) is a former U.S. Army soldier who recently transitioned and currently works at the Adaptive Threat Division at Veris Group as a penetration tester and red teamer. Alex has a wide range of skills and experience from offensive to defensive operations taking place in today's modern environments.
  • Steve Borosh - Penetration Tester / Red Teamer - Veris Group, LLC