Which capability allows Empire to operate without launching a PowerShell executable by injecting into other processes?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which capability allows Empire to operate without launching a PowerShell executable by injecting into other processes?

Explanation:
Code injection into a running process lets Empire run its payload inside the target’s memory space, so no separate PowerShell executable is spawned. By loading a DLL into an already‑running process, the agent executes under that process’s context, avoiding a new powershell.exe host and making the operation more stealthy. This in‑memory, process‑injection approach is what enables Empire to function without launching PowerShell. Other options would either start a new process (a standalone executable) or rely on different remote execution methods that don’t achieve the same in‑process execution.
