How to kill an agent and stop it from connecting back after reboot in PowerShell Empire? (completely remove it from everywhere, including registry keys)

I'm studying Empire in my lab environment and I'm trying to kill/remove an agent/infected computer so that it deletes whatever it has done (registry keys for auto startup and such) and kills itself. Basically, I want it to stop trying to connect back and kill it too.

But the problem is, even when I remove or kill it, or type `exit` inside my agent, it still connects back after rebooting!

So how do red teamers remove their stuff after the mission is done? Because I'm sure they are not going to leave their agents behind after it's finished, so how should I remove it completely? Don't tell me I have to manually remove registry keys and such for it to stop, because if so, then what if I'm using different persistence methods!
