C# Modules

Empire uses Covenant's YAML files to import modules and run them through the Roslyn compiler. C# tasks are split into two parts, one for Covenant and one for Empire. Everything outside the Empire section uses the format defined by Covenant's tasks, for which additional documentation can be found here.

Empire Generation

C# modules have a section called Empire in the YAML that defines Empire-specific settings. These options are internal to Empire and are not sent to the compiler. The Empire section uses a formatting scheme similar to that of Python and PowerShell modules; an example is shown below. This setup is used in the ProcessInjection module.

    software: ''
    techniques:
      - ''
    background: true
    output_extension:
    needs_admin: false
    opsec_safe: false
    comments:
      - ''
    options:
      - name: ''
        description: ''
        required: true
        value: ''

Advanced Generation

custom_generate: For complex modules that need custom code with access to Empire logic, such as lateral movement modules that dynamically generate a listener launcher, a custom "generate" function can be used. To tell Empire to use the custom generate function, set advanced.custom_generate: true.

Additional information about custom_generate can be found in the custom_generate section of the PowerShell Modules documentation.
