Introducing Core Impact Pro 2014 R2
With the release of Core Impact Pro 2014 R2, Core Security continues to provide the most comprehensive software solution for proactively assessing the security posture of any organization.
New capabilities released in Core Impact Pro 2014 R2 include:
- Android Agent and Post Exploitation Modules
- Windows Domain Information Gathering modules
- Windows Management Instrumentation support
- Wifi Pineapple Mark V Support for FakeAP
- Support for Tenable Security Center
- Network Attack Vector Enhancements
Android Agent and Post Exploitation Modules
Our Android Agent functionality currently supports the following capabilities:
- Shell access
- Get/Send SMS
- Make a phone call
- Contacts CRUD (Create Read Update Delete)
- Calls log info
- Geo-location/line number info
- Upload/Download files
Windows Domain Information Gathering modules
When attacking a Windows network, knowledge of the Domain under attack helps prioritize further actions. This new version of Core Impact Pro adds several Information Gathering modules specifically for Windows Domains. If you’re running on an agent under a Windows domain account, or the Core Impact Pro user has domain identities (e.g. NTLM hashes), Windows Domain IG Wizard provides and imports into the workspace:
- List of domain controllers
- List of trusted domains
- Domain account policies
- List of domain administrators
- List of domain users and groups
- List of machines joined to the domain
Windows Management Instrumentation support
Manipulated frequently by malware and installed by default in Windows, WMI is the ideal way to interact with systems in a stealthy way.
This version of Impact allows to:
- Install Agents using WMI: Using the source agent’s or user-specified Administrator identities, an agent can be installed at the target system using WMI, without creating a Windows Service and having the agent running as Administrator.
- Agent-less Shell Access: Using the source agent’s or user-specified Administrator identities, an interactive shell can be launched against the target using the WMI Win32_Process() class. This shell does not require an agent installed, hence being a stealthy way to interact with remote systems.
- Programmatically use WMI for persistence: for those users developing modules within our framework, Impact Pro now allows to programmatically create WMI Event Consumers at target systems, used by many malwares for back-door creation.
Wi-Fi Pineapple Mark V Support for Fake AP
Support for Tenable Security Center
This version of Core Impact Pro adds support for Tenable Security Center (TSC) that can be used with our Vulnerability Scanner Validator Wizard. This importer allows connecting against the TSC system, selecting the scanner result you want to import and let Core Impact Pro commit the hosts and vulnerabilities for later validation.
Network Attack Vector Enhancements
Core Impact Pro 2014 R2 adds new functionality to the network attack vector, including the following major items:
- Windows secrets and token manipulation: Pass-the-Hash (PtH) and token manipulation are one of the easiest ways for attackers to escalate privileges and perform lateral movements inside a Windows network aiming at compromising as many systems as possible. In this version we’ve added Incognito and Mimikatz support (32 and 64 bits) and remote/local LSA, Cached Logon Credentials and SAM secrets extraction without injecting code in the target/local system on top of our existing PtH modules.
- HTTP/s Channel performance: this is one of the preferred communication channels used by attackers. We spent a lot of time improving this channel performance for Windows Agents, significantly improving the amount of syscalls per second, which translates in a fastest interaction with the agent.