This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
View analytic
Wednesday, August 3 • 17:00 - 18:00
Building an EmPyre with Python.

Sign up or log in to save this to your schedule and see who's attending!

Many companies are deploying an increasing number of OS X hosts in their corporate networks, presenting a challenge to pentesters traditionally accustomed to Windows toolsets and tradecraft. Red teaming begets creativity, however, and if you encounter a Mac-heavy environment on an engagement, one must adapt and rise to the occasion.

This presentation covers our custom remote access tool, EmPyre, that we built in response to this very challenge. EmPyre is a Python-based RAT heavily focused towards OS X and built on the same secure communications and flexible architecture of the PowerShell Empire project. EmPyre features post-ex modules including keylogging, hash dumping, clipboard stealing, network situational awareness, lateral spread and more, as well as stager options ranging from macros to dylibs. We will also cover components of Mac tradecraft and how one can utilize EmPyre to execute a complete engagement in a predominantly OS X environment.


Steve Borosh

Penetration Tester /Red Teamer, Veris Group, LLC
avatar for Alexander Rymdeko-Harvey

Alexander Rymdeko-Harvey

Penetration Tester /Red Teamer, Veris Group, LLC
Alex Rymdeko-Harvey (@killswitch_gui) is a previous U.S. Army Soldier who recently transitioned and currently works at the Adaptive Threat Division at Veris Group as a penetration tester and red teamer. Alex has a wide range of skills and experience from offensive to defensive operations taking place in today's modern environments.
avatar for Will Schroeder

Will Schroeder

Security Researcher, Adaptive Threat Division, Veris Group, LLC
Will Schroeder (@harmj0y) is a security researcher and pentester/red-teamer for Veris Group’s Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red... Read More →

Wednesday August 3, 2016 17:00 - 18:00
Breaking Ground Florentine A