Introducing Core Impact Pro 2014 R2
With the release of Core Impact Pro 2014 R2, Core Security continues to provide the most comprehensive software solution for proactively assessing the security posture of any organization.
New capabilities released in Core Impact Pro 2014 R2 include:
- Android Agent and Post Exploitation Modules
- Windows Domain Information Gathering modules
- Windows Management Instrumentation support
- Wifi Pineapple Mark V Support for FakeAP
- Support for Tenable Security Center
- Network Attack Vector Enhancements
Android Agent and Post Exploitation Modules
As mobile technology usage and BYOD adoption increases across organizations, the mobile attack vector has drawn greater attention by attackers. On top of our current existing mobile functionality, this version of Core Impact Pro adds a java-based, HTTP back communication channel Android Agent. This agent can be used as standalone agent for phishing attacks, packed as an Android application, or as the communication channel as a post exploitation facilitator when exploiting mobile vulnerabilities.
Windows Domain Information Gathering modules
When attacking a Windows network, obtaining knowledge of the domain under attack helps prioritizing further actions. This new version of Core Impact Pro adds several Information Gathering modules aimed specifically for Windows domains. If you’re running an agent under a Windows domain account, or the Impact user has domain identities (e.g. NTLM hashes), Windows Domain IG Wizard provides and imports into the workspace:
- List of domain controllers
- List of trusted domains
- Domain account policies
- List of domain administrators
- List of domain users and groups
- List of machines joined to the domain
Windows Management Instrumentation support
Used by many types of malware and installed by default in Windows, WMI is the ideal way to interact with systems in a stealthy way. This version of Core Impact Pro allows you to:
- Install Agents using WMI – Using the source agent’s or user-specified administrator identities, an agent will be installed at the target system using WMI, without creating a Windows service and having the agent running as administrator.
- Agent-less Shell Access – Using the source agent’s or user-specified administrator identities, an interactive shell will be launched against the target using the WMI Win32_Process() class. This shell does not require an agent installed, hence being a stealthy way to interact with remote systems.
- Programmatically use WMI for persistence – for those users developing modules within our framework, Core Impact Pro now allows you to programmatically create WMI Event Consumers at target systems, used by many malwares for back-door creation.
Wifi Pineapple Mark V Support for FakeAP
Support for Tenable Security Center
This version of Core Impact Pro adds support for Tenable Security Center that can be used with our Vulnerability Scanner Validator Wizard. This importer allows connecting against the TSC system, selecting the scanner result you want to import and let Core Impact Pro commit the hosts and vulnerabilities for later validation.
Network Attack Vector Enhancements
Core Impact Pro adds new functionality to the network attack vector, including the following major items:
- Windows secrets and token manipulation – Pass-The-Hash and token manipulation are one of the easiest ways for attackers to escalate privileges and perform lateral movements inside a Windows network aiming at compromising as many systems as possible. In this version we’ve added Incognito and Mimikatz support (32 and 64 bits) and remote/local LSA, Cached Logon Credentials and SAM secrets extraction without injecting code in the target/local system on top of our existing PtH modules.
- HTTP/s Channel performance – This is one of the preferred communication channels used by attackers. We spent a lot of time improving this channel performance for Windows Agents, improving the amount of syscalls/second dramatically.