Using PowerShell Empire with a Trusted Certificate
Summary
This article from Black Hills Information Security discusses techniques for using PowerShell Empire with a trusted certificate and non-default options to improve the success rate of network sessions. It provides instructions for setting this up to achieve better evasion.
IFF Assessment
The article describes a method for using a known post-exploitation framework (PowerShell Empire) in a way that increases its chances of success, which is beneficial for attackers and thus bad news for defenders.
Defender Context
This article highlights a technique that can be used by adversaries to improve the stealth and effectiveness of post-exploitation activities using PowerShell Empire. Defenders should be aware of the potential for trusted certificates to be misused and monitor for unusual PowerShell activity, especially when combined with non-default framework configurations.