As network security continues to harden, it's no surprise that cyber criminals have shifted their attack techniques to focus on applications and end users. Both are much easier to exploit given their respective dynamic existence and natural curiosity-with each providing numerous pathways into and around the broader IT infrastructure where sensitive and valuable data resides.
With the release of version 12.5, CORE Impact® Pro takes vulnerability assessment and testing far beyond traditional exploitation -- allowing commercial and government organizations to actively and accurately test the security of their network and application infrastructure using the same Advanced Persistent Threat and password-based techniques employed by cyber attackers.
CORE Impact Pro's new Identity Manager capabilities are more comprehensive than any other solution available today with automatic Identity discovery as part of standard Rapid Penetration Test operations, automatic agent deployment via supported protocols when an Identity is validated, and easy graphical interaction with Identities when needed.
In addition to Identity Manager, CORE Impact v12.5 new capabilities include:
- Rapid Penetration Test (RPT) Assisted Start Guide
- Updated Agent Communications
- Enhanced Performance
Identity Manager & Password Repository
CORE Impact’s Identity Manager learns identities, usernames and passwords, SSH keys, cookies and other pieces of information that can be used to gain control of systems in an environment. As always with Impact Pro the implementation is deep and well thought out. With Impact Pro, there are three states within which identities can exist:
- A Partial Identity represents situations when a user learns a list of usernames for an environment but not the corresponding password. Impact Pro will automatically combine those usernames with either the built-in and ranked password list or a user-supplied password list.
- A Complete Identity represents the situation when a module has learned all the information needed to authenticate to a system but the machines or parts of the environments those identities are applicable for are yet to be determined.
- A Verified Identity representsusernames and passwords that have been confirmed to work on machines inside the testing environment.
Identity Manager capabilities are built directly into CORE Impact Pro’s attack and penetration methods, making the use of Identity Manager simple and straight-forward. In addition, Impact Pro will attempt to automatically take control of systems when a valid Identity is learned for that system. You can also quickly and easily reuse that newly discovered valid identity against all other system in the environment to rapidly take control of them also.
RPT-Assisted Start Guide
The new RPT-Assisted Start Guide is designed to offer you and your fellow users ‘just in time’ help as you use the product. The assisted start guide will appear as you're starting to use Impact Pro and provide you with information that's relative to the actions you're trying to perform. It can be used as a walkthrough to ensure that you're performing the most complete test possible without needing to learn the ins and outs of the product or it can be interacted with to provide in depth detail about the options available.
Updated Agent Communications
A key component of Impact Pro is its patented Syscall Proxy Agent which allows you to interact with agents on compromised systems. With Impact Pro 12.5, the Syscall Proxy Agent has improved resiliency increasing its effectiveness in evading controls that try to detect this type of activity. With v12.5 the agent can be deployed as a DLL, great for environments where unknown executables are not allowed to run. Additionally Impact Pro’s agents can phone home to fully-qualified domain names, rather than IP addresses. For its HTTP and HTTPS connection, users can edit the headers involved in that communication.
Additionally, Impact Pro 12.5 includes performance upgrades focused on increased effectiveness while reducing the number of packets required for success.
Updated Anti-Virus Evasion
To continue to help test endpoint security software, Impact Pro v12.5 includes updated techniques to help test the ability of defensive technology to pick up on the attempt to exploit and run code on a system.
About CORE Impact Pro
CORE Impact® Pro is the most comprehensive software solution for assessing the real-world security of web applications, network systems, endpoint systems, email users, mobile devices, wireless networks, and network devices. Backed by CORE Security’s ongoing vulnerability research, Impact Pro allows you to take security testing to the next level by safely replicating a broad range of data breach threats. As a result, you can identify exactly where and how your organization’s critical data can be breached. Learn more about CORE Impact Pro penetration testing software at www.coresecurity.com/core-impact-pro.