CORE IMPACT PRO: Features and Benefits

Commercial-Grade Exploits

Offers the market’s broadest, most comprehensive library of commercial-grade vulnerability exploits, crafted by Core Security’s dedicated team of developers and constantly augmented to address emerging vulnerabilities and assure that tests will not affect production systems. Updated an average of 10-20 times per month, the exploit library allows testers to level a wide array of exploits at networks, endpoints, web applications and e-mail users to gain a firm grasp on their security posture and target subsequent remediation efforts.

• Automates time-consuming manual tasks related to exploit authoring and test execution.
• Allows organizations to augment reactive defense strategy with proactive security assessment and targeted remediation.
• Guarantees safe and effective penetration testing while minimizing potential disruptions to target systems.
• Enables users to test across multiple system configurations and attack vectors to simulate the same view that attackers have of IT assets.
• All exploits are continuously tested to ensure ongoing effectiveness as vulnerabilities change.
• New and updated exploits are provided on an ongoing basis, allowing users to test for the latest vulnerabilities.

Rapid Penetration Test (RPT)

Automates the traditionally manual penetration testing process using an intuitive graphical user interface (GUI) while allowing experienced testers to maximize their time and add repeatability and consistency to their work. Offers the fastest method to level a broad range of varied exploits at an environment to understand where its’ most significant risks reside.

The Rapid Penetration Test breaks the testing process down into six simple steps:

• Information Gathering
• Attack and Penetration
• Local Information Gathering
• Privilege Escalation
• Cleanup
• Report Generation

While standard RPT allows control over each step one at a time, the One-Step RPT allows all these steps to be run in one single action.

RPT is available for Network, Client and Web based security tests, while One-Step RPT is available for Network, Client and Vulnerability Validation tests.

• Allows testers to comprehensively assess the security of their entire network on a regular basis using widely acknowledged best practices.
• Testing can be performed in-house by IT staff without specialized security assessment skills.
• Ensures consistent, repeatable testing to establish a baseline and prove the efficacy of security systems and remediation efforts.
• Reduces costs by eliminating manual tasks.
• Speeds testing by launching multiple, simultaneous attacks.
• Automatically prompts testers when exploits may affect service performance and allows those tests to be omitted.

Comprehensive Information Gathering

Enables testers to carry out automated network discovery, OS detection, identification of services and more to scope out the breadth and makeup of the environments they are assessing and tailor subsequent exploits to address the unique aspects of their IT infrastructures.

• Allows testers to rapidly aggregate relevant data across multiple IT assets to accelerate the assessment and exploit targeting process.
• Eliminates the need to purchase supplemental tools to gather network information prior to testing.
• Safely utilizes a compromised target to gather information from within the network, without installing anything on the system.
• Provides valuable data that helps users prioritize remediation efforts to address their most critical vulnerabilities first.

User Credential Capturing

Allows testers to collect Windows password hashes in-memory, log keystrokes, sniff passwords and hashes, collect saved login credentials from popular applications such as Internet Explorer, Firefox and MSN, and install agents with valid username / password / hash combinations.

• Enables testers to easily leverage established user and network relationships to escalate attacks deeper into the network. This ensures more efficient and effective penetration tests.
• Directly simulates the same front-end investigation commonly performed by attackers before they come after your IT assets or end users.
• Provides a window into the types of information publicly available about an organization that could help attackers craft their assaults.

Comprehensive, 100% Python, MSRPC Library

Includes functionality for performing SMB, DCERPC over multiple transports, NTLM authentication, and remotely manipulating the Windows registry and Windows services.

• Gives testers the ability to emulate remote attacks against Microsoft Windows-based programs.
• Offers opportunity for testers to tailor onboard exploit code via extensible Python interface.
• Provides the ability to test the efficacy of application authentication systems.

Standard and Custom Reports

Provides precise actionable data about the targeted network and hosts, audits of all exploits performed, and details about proven vulnerabilities in clear, easily understood formats. Also assists in compliance efforts with complete audit trails and meets the needs of different constituencies with tailored reports for management, network administrators, remediation staff, etc. Exportable to other applications for customization and integration with other data.

• Allows for the creation of a centralized view of security posture to help prioritize subsequent remediation efforts.
• Helps illustrate lingering vulnerabilities to business and IT leaders to help validate existing and continued investment in security projects and systems.
• Illustrates due diligence to compliance auditors seeking proof that security controls are being tested and improved on a regular basis.

Summary and Detail Reports

Summary reports provide high level overview of the results of security tests for management while detailed reports provide the all of information from a test.

• Summary reports allow management  to see results without wading through technical details.
• Detail reports provide the information required for auditors to assure compliance and for IT staff to remediate problems found in concise, highly readable formats
• Offers flexibility to tailor content from multiple reports to meet the needs of varied audiences.

User Credential Capturing

Allows you to collect Windows password hashes in-memory, log keystrokes, sniff passwords and hashes, collect saved login credentials from popular applications such as Internet Explorer, Firefox and MSN, and install agents with valid username / password / hash combinations.

• Enables you to easily leverage established user and network relationships to escalate attacks deeper into the network. This ensures more efficient and effective penetration tests.

Integration with Vulnerability Scanners and Patch Management Tools

Improves the productivity and effectiveness of overall vulnerability management efforts with a single click by marrying scanner results with exploit simulation. Supports solutions including eEye Retina, GFI LANguard, IBM Internet Scanner, Lumension PatchLink Scan and PatchLink Update, Nessus, Nmap Security Scanner, Qualys QualysGuard, and PatchLink Update.

• Enables users to sort through lengthy scanner results to identify your organization’s most critical risks, validate the efficacy of defensive mechanisms, and eliminate time wasted on addressing false positives.
• Provides targeted intelligence to patch management systems allowing security workers to prioritize remediation efforts.
• Increases the ROI of other vulnerability management solutions by turning static results into actionable data.

Comprehensive and Constantly Updated User Documentation

Arms testers with all the instructions, FAQs and contextual data needed to best understand how to use IMPACT Pro and assess the scope of their testing activities.

• Allows testers to continue to expand their knowledge of the product and penetration testing to broaden their personal skill sets.
• Removes any ambiguity from the testing process by spelling out just how different exploits work.
• Provides users with instructions on how to best tailor IMPACT to address their unique environments.

Multistaged Attack Emulation

Mirrors the multi-vectored, privilege escalation and pivoting methods employed by today’s sophisticated hackers and malware authors, allowing organizations to identify the complex paths that attackers traverse across multiple layers of IT infrastructure to expose valuable backend data and systems.

• Gives testers the ability to see how multiple vulnerabilities across various assets can be exploited to dig deeper into IT infrastructure and access underlying systems.
• Mimics the activity of popular attacks such as injection attacks, Trojans, downloaders and botnets that expand their scope over time and target numerous vulnerabilities.
• Illustrates holes and points of failed integration across defensive security systems that allow multistaged attacks to infiltrate IT operations.
• Validates the efficacy of existing security measures in warding-off complex threats.
• Highlights potential regulatory compliance risks by revealing unaddressed channels to sensitive information.

Patented Agent Technology

Provides an interface to compromised systems, allowing testers to evaluate the risk from a successful breach. Agents allow testers to take the same actions an attacker would, including gathering additional system information, escalating access privileges, and attempting to compromise other resources using localized attacks.

• Demonstrates how specific vulnerabilities can be exploited, helping to differentiate real threats from false positives.
• Extends the breadth of penetration tests by allowing users to move deeper into the network leveraging network connections and trust relationships to emulate multistaged threats against increasingly sensitive systems. 
• Directly simulates popular stealth attacking methods used by today’s hackers and malware authors.
• No trace of penetration test remains on target systems, since agents run only in memory and can be removed whenever desired.

Agent Auto-Injection

Allows testers to maintain contact with a targeted workstation even if the compromised client software is restarted. Upon accessing a workstation, users can inject an agent into a new process outside of the exploited software and continue to gather information about the workstation and pivot attacks to other systems without interruption.

• Mirrors attackers’ attempts to keep their hooks into victimized systems, either to escalate attacks or maintain botnet control.
• Allows testers to carry out potential exploits while systems are being cycled in real-world usage scenarios.
• Validates the ability of existing authentication and perimeter defensive systems to cut off unauthorized external activity.

Traffic Masking

Simulates today’s stealthy malware and data theft techniques including robust Microsoft Remote Procedure Call (MSRPC) fragmentation and the penetration testing market’s first automated MSRPC traffic encryption.

• Provides an enhanced ability to test network defenses against increasingly sophisticated attacks.
• Directly mimics threat techniques used by Trojans and botnets to expand their footprint over time and hide activity via obfuscation methods.
• Highlights the ability of attempted data theft attacks to sneak protected data past perimeter defenses.

Graphical Mini-Shell and File Browser

Enables testers to run a command shell on any compromised system, just as an attacker would, even if the system does not have an accessible shell. In addition, the product's file browser allows users to view the file structure of compromised systems.

• Simulates sophisticated hacker and malware activity meant to execute code or overtake compromised systems.
• Allows testers to aim exploits at more secure systems.
• Enables users to gain access to vital information that can be used to carry out other exploit simulations.

Custom Exploit Scripting
 
Gives users the ability to review, customize and extend all exploits and modules, offering experienced penetration testers the ability to build off of the product’s library to create their own exploits and create exercises tailored specifically to their environments that can be saved for re-use. Written in completely open, standard, extensible Python.

• Allows testers to customize exploits for unique environments to address specific configurations and proprietary applications.
• Provides experienced red teams with an exploit framework they can use to apply  their high-level penetration testing skills.
• Offers less experienced testers an opportunity to hone their hand scripting techniques.

Component-based Payload Creation Library (LibEgg)
 
Enables exploit developers to easily create powerful payloads by combining pre-made and custom payload building blocks. Component model allows developers to focus on adding or customizing specific functionality rather than on re-creating complete payloads from scratch.

• Accelerates the exploit creation process by giving testers the ability to model common or unique threats in a modular fashion.
• Adds consistency to the testing process by using the same common building blocks employed by real-world attackers.
• Mirrors the exploit toolkit model used by many of today’s malware authors.

User-Created Macros

Enables testers to create macros using easy-to-use onboard wizards to automate simple tasks without requiring programming.

• Saves time by automating routine testing tasks and allowing testers to save their techniques for re-use.
• Gives testers increased ability to tailor tasks to unique environments and workflows.
• Lends consistency to the testing process, allowing testers to guarantee uniformity in their work and establish baselines to gauge changes and improvements over time.

Workspace Import and Export

Integrates with other security products by importing and exporting workspace information to XML and giving testers the ability to feed relevant data into the exploit simulation process.

• Allows for the use of critical contextual data by testers to tailor their exploits to meet their unique environments.
• Adds value to other security systems by utilizing data to identify and prioritize vulnerabilities.
• Helps address security data glut and sort through vulnerability data to identify critical areas of risk.

Module Debugging

Supports the use of open source debugging tools when testers are creating their own custom Python modules to address unique environments.

• Makes custom module development more efficient and reliable
• Allows for greater flexibility in designing modules
• Gives testers the ability to work with familiar debugging programs