• book demo
  • request trial

Core Impact Pro Vulnerability Exploits

Commercial-Grade Vulnerability Exploits You Can Trust

As the core component of any penetration test, an exploit is an attack intended to compromise a computer via a specific vulnerability. Exploits for code execution vulnerabilities are typically designed to deliver a payload that launches code on a target system.

Security professionals can obtain exploits from a variety of sources, but only Core Impact offers Commercial-Grade Exploits. Created in-house by a dedicated team of developers, all Core Impact exploits are guaranteed to be effective, comprehensive, stable and current. Most importantly, you can trust our Commercial-Grade Exploits to maintain the integrity of your organization's information assets.


Impact Exploits vs. Exploits from Other Sources

When determining where to obtain exploits for penetration testing, be sure to understand the benefits of using Commercial-Grade Exploits.

  Issues to Consider When Evaluating Exploits Exploits from Other Sources Core Impact Commercial-Grade Exploits

Security Risk

Do the exploits pose security risks to your organization?

Exploits may be ineffective, trigger denial of service attacks, or launch other types of malicious code.

Guaranteed to be secure and safe to run. All exploit payloads are benign, designed only to validate vulnerabilities and provide information to testers.

Target Coverage

 

 

Do the exploits test all system configurations on your network (e.g., operating systems, service packs, etc.)?

Typically created to only test a specific target configuration. (e.g., one service pack and OS version)

Each Core Impact exploit is created to test as many target OS configurations as possible.

Attack Vector Coverage

 

Are all possible paths of attack considered (e.g., different protocols, email, web pages, etc.)

Often limited to a specific, single attack vector.

Each Core Impact exploit is designed to test as many attack vectors as are appropriate for the target vulnerability.

Potential for Service Disruption

 

How likely are the exploits to stop vulnerable services on targeted systems?

Developers often take few or no measures to minimize potential disruptions. Could potentially leave a service or server unavailable

Core takes every opportunity to minimize service disruptions. For instance, users can simply choose to omit potentially disruptive exploits from any Core Impact penetration test.

In cases where an exploit might cause a minor disruption, additional research is performed to identify ways to minimize the disruption.

Quality Assurance

How extensively are the exploits tested to ensure effectiveness, stability and safety?

Only tested until the exploit can compromise a specific vulnerability under a specific execution condition. Exploit might require modification (e.g., re-writing code) to work, or it might not work at all.

New exploits developed by Core Security are subject to intensive testing against multiple targets, using multiple connection methods. After releasing an approved exploit, test cases are automated and executed on a periodic basis in order to certify the quality and reliability of our exploits throughout their lifecycle. Core Security continuously improves every exploit that we produce.

New Exploit Delivery

Are new exploits released in a consistent and timely fashion?

Exploits are usually not released in a regular or timely fashion.

New exploits are released an average of four to eight times per month. All Core Impact exploits allow users to execute code on compromised machines.

Updates of Existing Exploits

How frequently are updates released?

Updates are usually non-existent, since testing stops once the initial goal for the exploit is achieved.

All Core Impact exploits are constantly re-evaluated for potential updates to take advantage of new functionality, new attack vectors and reliability improvements. Exploits are typically updated three to six times per year.

Developer Profile

Are the exploits from a reliable, lawful source?

Can be unknown or developed by an independent vulnerability researcher just to prove that a vulnerability exists.

Created by a dedicated team of in-house exploit developers with several years of experience.

Technical Support

What level of assistance is available for specific exploits?

Getting help from independent developers may be impossible, and obtaining vendor assistance can be difficult if their exploits are developed by a third party.

Core develops all of its exploits in-house to control quality and to be able to offer complete technical support. Our support team can provide assistance with any of our exploits.

Next Steps

Book DemoRequest Trial

SHARE