BC Security releases Empire 6.3.0 framework

BC Security has launched Empire 6.3.0, an updated open-source tool for post-exploitation and adversary emulation. The release enhances capabilities for red teams and penetration testers through improved agent support and evasion techniques. It maintains a modular Python 3 architecture to simulate real-world attacks securely.

On December 13, 2025, BC Security announced the release of Empire 6.3.0, the latest version of its open-source post-exploitation and adversary emulation framework. Designed for red teams and penetration testers, the tool provides a modular and scalable platform to simulate attack scenarios and test defenses.

Empire operates on a server/client model written in Python 3, supporting multiplayer engagements with fully encrypted communications. This allows multiple operators to collaborate while ensuring operational security. The framework includes a built-in client for remote access and integrates Starkiller, a GUI tool now bundled as a Git submodule, offering a web-based interface for managing operations via the API.

A major update in version 6.3.0 is expanded agent compatibility, supporting PowerShell, Python 3, C#, Go, and IronPython 3 agents. This enables deployment across diverse systems, including those restricting interpreted languages. The library features over 400 modules, such as Mimikatz for credential theft, Seatbelt for reconnaissance, Rubeus and Certify for privilege escalation, and SharpSploit for process injection. Operators can extend functionality through a custom plugin interface and use the integrated Roslyn compiler for C# assemblies.

Security evasion is bolstered with obfuscation frameworks like ConfuserEx 2 and Invoke-Obfuscation to mask payloads from antivirus and EDR solutions. It incorporates JA3/S and JARM evasion to avoid TLS fingerprinting, Donut for command-line shellcode generation, and in-memory .NET execution to reduce disk artifacts.

Installation is straightforward, compatible with Docker, Kali Linux, ParrotOS, Ubuntu, and Debian. Empire aligns with the MITRE ATT&CK framework, aiding teams in mapping behaviors to adversary techniques for accurate threat simulations. This release solidifies Empire's role as a key offensive security platform for ethical hacking and defense testing.
