Building on the foundation of Impact Pro 2013 R1 Core Security continues to provide timely and frequent updates to the most comprehensive software solution for proactively assessing the security posture of any organization. Impact 2013 R1 included the following new capabilities:
New capabilities released in CORE Impact 2013 R1 include:
- Network Remediation Validator
- DNS Communication Channel
- Agent Redeploy
- Teaming with CORE Impact
- Network IG & AP Module
- Reporting Enhancements
CORE Impact 2013 R1.4 Release Features
With the release of Impact 2013 R1.4 Core Security introduces major updates to product feautres as well as adding dozens of new exploits:
- Ability to import the results of a the most recent version of Qualys Web Application Scanner output
- Ability to import identities from Mimikatz
- Update “Mitigation Report” that now allows you to track the evolution of detected exposures
- More than 30 new exploits
- Several performance improvements on Information Gathering modules
- Support for integrating CORE Impact with Metasploit 4.7
- Additional maintenance and bug fixing modules
- Added DNS Channel support for Single-Stage Windows x86-64 agents
With the release of Impact 2013 R1 Core Security has continued to build comprehensive testing and post exploitation capabilities into Impact. With further enhancements for 64bit, IPv6 and agent communication support.
Vuln Scanner Import
Scanning applications can provide a key component to the vulnerability management process by helping you to understand your organization's potential vulnerabilities. Penetration testing with CORE Impact builds on this process by identifying which vulnerabilities are real, while determining if and how they can be exploited. This gives you the information you need to intelligently prioritize remediation efforts and effectively allocate security resources.
2013 R1 extends the supported scanner with improvements on the ability to import from Nmap, Nessus and QualysGuard.
RPT Wizard Improvement
CORE Security was the first to add automation to Penetration Testing with the introduction of the Rapid Penetration Test (RPT) capabilities. With 2013 R1 the Network Attack and Penetration wizard has improvements to better ensure the right amount of testing is carried out when needed.
As a living framework the constant release of new and relevant exploits are critical. With a full time internally staffed Exploit Writing Team and QA team 2013 R1.3 includes over 30 new exploits and updates.
On Going Improvements
CORE Security has a dedication to excellence; as part of this philosophy updates to maintain and improve existing functionality are delivered. With 2013 R1 improvements have been made to the 64bit target support, ability to temporarily deploy PCAP on compromised machines and many other improvements.
Network Remediation Validation
After risks have been identified within an organization's infrastructure and the issues have been reported to and remediated by the IT team, it is good practice to validate those issues in order to confirm the remediation efforts and the compensating controls applied have actually eliminated those risks. With CORE Impact's Network Remediation Validation wizard, a quick retest option is available for previously identified network risks that confirm the risks have been remediated appropriately and the vulnerability management cycle is closed.
DNS Communication Channel
As organizations start to lock down the network communications allowed within their environment and restricting the protocols that can leave an environment the protocol used to communication with an agent on a targeted machine becomes more important. With 2013 R1 Impact has added the ability to communicate using the DNS protocol to agents deployed using a specific set of modules. By leveraging the DNS protocol Agents will be able to communicate anywhere that DNS is allowed to pass through on the network.
Previously when an agent was disconnected, Impact required a manual test to place a new agent on the target machine. This would involve reviewing the "Quick Info" information for the agent to determine what technique was used to deploy it on the target, and potentially reviewing module logs for specific parameter information. With 2013 R1 is a 'Redeploy' option. It is available as a module and a Right Click action on a disconnected agent. Selecting Redeploy will cause Impact to rerun the original module (with the original parameters) and attempt to deploy the same agent in the same manner as the selected agent was deployed.
CloudCypher is a paid online service created and managed by CORE and held within Amazon Web Services. This feature works with Windows NTLM Hashes discovered by Impact during testing and attempts to determine plaintext passwords for those hashes. Any passwords that are determined will be passed back to the Impact workspace that requested them. This is done through the use of modules, the original module that submitted the hashes should be used to retrieve the resulting passwords. These obtained passwords can then be used for additional security testing. This feature will be offered as a temporary trial for all of our existing customers.
Teaming with CORE Impact
Now multiple security testers will have the capability of interacting in the same workplace against the same environment across multiple copies of Impact. This ability allows a security team to have a common view of the network targets that have been found and compromised. Network entities can be marked as assigned to specific team members and members can filter their view to only see those targets. This highly-requested capability will enable your team to work together effectively and efficiently as a Red Team. This feature can also be used for over the shoulder observation for training or monitoring purposes.
Network IG & AP Module
CORE Impact now displays Progress information as the Information Gathering and Attack and Penetration wizards execute against networks. This enhancement monitors the progress of security testing as exploits and tests are being executed. With these additional features, Impact will demonstrate in a user-friendly and graphical manner exactly what is being executed in real-time.
A typical security assessment can cover hundreds of hosts, but often the tester wants to provide a report on a subset of the targets hosts to a specific business owner. With Impact 2013 R1, report selection is available for reporting on specific hosts needed rather than having to run the report on all hosts within the workspace. Reports that support this capability include:
- PCI Vulnerability Validation Report
- Vulnerability Validation Report
- Host Report
- Host Based Activity Report
- Vulnerability Report
- Wellness Report
About CORE Impact Pro
CORE Impact® Pro is the most comprehensive software solution for assessing the real-world security of web applications, network systems, endpoint systems, email users, mobile devices, wireless networks, and network devices. Backed by CORE Security’s ongoing vulnerability research, Impact Pro allows you to take security testing to the next level by safely replicating a broad range of data breach threats. As a result, you can identify exactly where and how your organization’s critical data can be breached. Learn more about CORE Impact Pro penetration testing software at www.coresecurity.com/core-impact-pro.