I've been messing around with the Empire PowerShell post-exploitation toolkit for a little while now. I've been "infecting" my home PC with a malicious payload and trying to gain persistence/admin access, etc. I have a small Debian cloud server functioning as a listener for Empire. I noticed I was not receiving any agent connections, despite having persistence on my home PC. I also noticed that the server seemed sluggish. I entered:

netstat -ptuna | grep 443   # port on which the listener is running

and a random IP address originating in China was connected. I quickly killed the process and rebooted the server. On reboot I had the agents from my home PC repopulating. Was it possible that this IP address was intercepting my home agents? Should I wipe and reinstall my home computer? Should I create a new cloud server?

Thanks in advance for any help.

AckMan

0 Answers