BC Security

Empire 6.6.0 sponsors early access is live. This is one of the biggest releases we've shipped. A new C agent, BOFs, and ATT&CK gap-filling modules, and serious performance work under the hood. C agent (Cpire) • A new lightweight C agent with full staging, encrypted communications, and task execution. Shell, PowerShell, C#, BOFs, upload/download, and directory listing. 8 new BOF modules • unhook — refresh DLLs to strip EDR/AV API hooks • patchit — all-in-one AMSI + ETW patch/check/revert • inject_amsi_bypass / inject_etw_bypass — remote-process bypass via syscalls • credman — Credential Manager dump via SeTrustedCredManAccess • handlekatz — handle-duplication LSASS dump • bofroast — Kerberoasting without .NET CLR dependency • nanodump — LSASS minidump via multiple evasion techniques (handle dup, process fork, snapshot, seclogon leak) 49 new modules (32 PowerShell, 17 Python) • Built against Atomic Red Team to close ATT&CK coverage gaps: credential access, defense evasion, persistence, lateral movement, proxy execution (mshta, CHM, CMSTP, InstallUtil, regasm, msiexec, rundll32, regsvr32), VM detection, BITS jobs, browser cookie theft, and more. Scales cleanly under concurrent load • Resolved DB pool exhaustion, unblocked the event loop across all 216 API endpoints, and isolated donut shellcode generation per-call to fix concurrency-driven failures. Hardened obfuscation pipeline • The Invoke-Obfuscation subprocess now runs with a configurable timeout, process group isolation, return-code checking, and graceful fallback to keyword obfuscation on failure. Eliminated double-obfuscation that was spawning a redundant PowerShell subprocess per task. Plus roughly 20 more fixes across modules, agents, and core. Sponsors get early access first; public release next month. Thanks to everyone supporting the project; your support is why these releases keep getting bigger. #redteam #offsec #infosec #adversaryemulation #empire https://lnkd.in/gRSvmRQ

Back by popular demand, we will be teaching ATE: Active Directory again at #BHUSA this year! One of our most popular classes every year. Prices go up at the end of May, don't miss out! https://lnkd.in/e7gybyr7

Black Hat 2026 is offering 1-day courses for the first time ever & we are rolling out a brand new course as a result! RTE: Introduction to Ransomware Simulation. Come learn the workflows behind ransomware & the intricacies of crypto-theft. Taught by Jake Krasnov Prices go up on May 22nd! https://lnkd.in/e3sE5aA6

Empire v6.5 is live! - 8 new modules across BOF/C#/PS/Python - New C stager + PIC shellcode compiler for stage0 agent injection - Patchless AMSI & ETW bypasses - New Jobs tab on the agent page for managing background jobs - Python 3.14 support https://lnkd.in/gRSvmRQ

Introducing Starkiller Assistant! Our new AI-powered helper for Empire operators. It's like Clippy, but for C2. After months of R&D, early testers describe it as "confidently wrong" and "worse than no help at all." We're so proud.

According to the SBA 60% of small businesses close within 6 months of a cyber breach, yet enterprise security testing often leaves organizations priced out. That Gap shouldn't exist so we built SIMAPTIC! A fully automated internal network testing tool built on Empire. → Powered by Empire, trusted by Fortune 500s & gov agencies → Reports mapped to MITRE ATT&CK & NIST 800-53 → On-demand. A fraction of the cost. Every organization deserves to know where they stand. Now they can. Learn more about the tool in our blog below https://lnkd.in/e2NDipVi

Empire 6.4 is now public! Here are just a few updates: - Added C# spawn module - Auto-install for plugin marketplace - New task display with parameters - Added "Rerun Task" to Agents and Plugins - Added customizable table headers - Added Debian 13 support

Cyber on the rise: In 2025, Taiwan experienced an average of 2.6 million daily cyberattacks on critical infrastructure, from hospitals to energy systems, up from the previous year. Many of these incidents were tied to broader military and political pressure. https://lnkd.in/gXDiXZmQ It’s a massive reminder that cyber threats aren’t abstract. They’re persistent, strategic, and evolving. Staying proactive about defense and awareness isn’t optional anymore.

New year, new site, new tool! We’ve refreshed the BC Security website and introduced SIMAPTIC, our continuous threat-exposure and validation platform that simulates multi-stage attacks and provides teams with real signals they can act on. https://simaptic.ai/ Check it out and let’s make 2026 the year we outpace the adversary. https://bcsecurity.io/

Happy Holidays from all of us at BC Security! As the year winds down, we just want to say thanks to our clients, partners, and the awesome community around us. Your support means everything, and it’s what keeps us building, learning, and doing what we love. From research and innovation to training the next wave of defenders, it’s been a busy (and fun) year. We’re grateful to be part of such a solid community and excited about what’s coming next. Hope you get some well-earned downtime, good food, and a chance to recharge. Wishing you a great holiday season and an even better New Year.