BC Security

05/12/2026

ATE: Active Directory, is being offered at ! Come learn all the nuances behind delegation attacks, forest trusts, certificate abuse, and more! AD is one of the largest attack surfaces in modern environments, so upgrade those skills today.


Prices go up on May 22nd! Don't miss out!

https://blackhat.com/us-26/training/schedule/index.html -threat-emulation-active-directory-bhat-edition-50907

05/09/2026

Had a great time on the Offensive Security panel today. We had a lot of interesting questions from the audience. The most interesting one, though, was: "Do we expect to see auditors for things like SOC 2 start accepting AI-executed security assessments in the near future?"

The panel was evenly split. What are your thoughts on it?

05/04/2026

New to offensive security and not sure where to start? Or part of the blue team looking to get a broad overview of C2 infrastructure? Check out our new one-day course at Black Hat, RTE: Foundations of Command and Control. Learn the ins & outs of the core technology that attackers use today. Prices go up May 22nd!

https://blackhat.com/us-26/training/schedule/index.html -team-essentials-foundations-of-command-and-control-50958

04/27/2026

Empire 6.6.0 sponsors early access is live.

This is one of the biggest releases we've shipped. A new C agent, BOFs, and ATT&CK gap-filling modules, and serious performance work under the hood.

C agent (Cpire)
• A new lightweight C agent with full staging, encrypted communications, and task ex*****on. Shell, PowerShell, C #, BOFs, upload/download, and directory listing.

8 new BOF modules
• unhook — refresh DLLs to strip EDR/AV API hooks
• patchit — all-in-one AMSI + ETW patch/check/revert
• inject_amsi_bypass / inject_etw_bypass — remote-process bypass via syscalls
• credman — Credential Manager dump via SeTrustedCredManAccess
• handlekatz — handle-duplication LSASS dump
• bofroast — Kerberoasting without .NET CLR dependency
• nanodump — LSASS minidump via multiple evasion techniques (handle dup, process fork, snapshot, seclogon leak)

49 new modules (32 PowerShell, 17 Python)
• Built against Atomic Red Team to close ATT&CK coverage gaps: credential access, defense evasion, persistence, lateral movement, proxy ex*****on (mshta, CHM, CMSTP, InstallUtil, regasm, msiexec, rundll32, regsvr32), VM detection, BITS jobs, browser cookie theft, and more.

Scales cleanly under concurrent load
• Resolved DB pool exhaustion, unblocked the event loop across all 216 API endpoints, and isolated donut shellcode generation per-call to fix concurrency-driven failures.

Hardened obfuscation pipeline
• The Invoke-Obfuscation subprocess now runs with a configurable timeout, process group isolation, return-code checking, and graceful fallback to keyword obfuscation on failure. Eliminated double-obfuscation that was spawning a redundant PowerShell subprocess per task.

Plus roughly 20 more fixes across modules, agents, and core.

Sponsors get early access first; public release next month. Thanks to everyone supporting the project; your support is why these releases keep getting bigger.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Pe*******on Testers. - BC-SECURITY/Empire

04/24/2026

Back by popular demand, we will be teaching ATE: Active Directory again at this year! One of our most popular classes every year. Prices go up at the end of May, don't miss out!

https://blackhat.com/us-26/training/schedule/index.html -threat-emulation-active-directory-bhat-edition-50907

04/13/2026

Hat Events 2026 is offering 1-day courses for the first time ever & we are rolling out a brand new course as a result! RTE: Introduction to Ransomware Simulation. Come learn the workflows behind ransomware & the intricacies of crypto-theft. Taught by Jake Krasnov
Prices go up on May 22nd!

Black Hat USA 2026

04/07/2026

Empire v6.5 is live!
- 8 new modules across BOF/C #/PS/Python
- New C stager + PIC shellcode compiler for stage0 agent injection
- Patchless AMSI & ETW bypasses
- New Jobs tab on the agent page for managing background jobs
- Python 3.14 support

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Pe*******on Testers. - BC-SECURITY/Empire

04/01/2026

Introducing Starkiller Assistant! Our new AI-powered helper for Empire operators. It's like Clippy, but for C2. After months of R&D, early testers describe it as "confidently wrong" and "worse than no help at all." We're so proud.

03/16/2026

According to the SBA 60% of small businesses close within 6 months of a cyber breach, yet enterprise security testing often leaves organizations priced out.

That Gap shouldn't exist so we built SIMAPTIC! A fully automated internal network testing tool built on Empire.
→ Powered by Empire, trusted by Fortune 500s & gov agencies
→ Reports mapped to MITRE ATT&CK & NIST 800-53
→ On-demand. A fraction of the cost.

Every organization deserves to know where they stand. Now they can. Learn more about the tool in our blog below

We are introducing SIMAPTIC: an LLM-driven automated security assessment solution built on top of our open-source framework Empire, designed to make enterprise-grade security testing accessible to small businesses.

02/17/2026

Empire 6.4 is now public! Here are just a few updates:
- Added C # spawn module
- Auto-install for plugin marketplace
- New task display with parameters
- Added "Rerun Task" to Agents and Plugins
- Added customizable table headers
- Added Debian 13 support