An exploit is a primary component of all penetration tests. Each exploit is a piece of code that attempts to compromise a workstation or desktop via a specific vulnerability.
When used for actual network attacks, exploits often execute payloads of malicious code that can alter, destroy or expose information assets. CORE Security exploits, on the other hand, deploy benign payloads known as Agents.
Leveraging agents, CORE Security exploits allow you to safely:
- validate the existence of vulnerabilities;
- prove that vulnerabilities can be exploited; and
- assess the consequences of actual network intrusions.
How CORE Security Exploits Work
CORE Security exploits typically take the following steps to deploy agents:
CORE Security’s exploit libraries automatically create agents based on available target information (e.g., operating system, version and architecture) and user-specified settings (e.g., the agent connection method).
In many cases, a CORE Security exploit will further customize an agent to survive transformations imposed by the compromised system. For instance, agent code delivered as an HTTP request parameter may be converted to the UNICODE format by the compromised web server. The exploit must therefore ensure not only that the conversion completes successfully, but also that the agent continues to function after the transformation.
Depending on the specific vulnerability being exploited, CORE Security solutions apply various methods for placing agents on target systems, such as injecting them into the memory of a target process. For instance, an exploit for a buffer overflow in a web server will typically inject its payload into the web server process.
4. Code execution
During the execution step, the exploit triggers the agent code to enable interaction with the compromised system. Depending on the vulnerability, this is often achieved by altering the target process to execute the agent code in lieu of the normal application code. Beyond launching command shells on targeted systems, agents offer additional capabilities to ensure effective penetration testing.
CORE Security Solutions and Exploits
Unlike vulnerability scans, which simply identify vulnerabilities, CORE Security solutions use exploits to replicate real-world attacks on your network. All CORE Security exploits are Commercial-Grade, ensuring that they:
- perform penetration tests safely and securely;
- test as many target OS configurations and attack vectors as possible;
- minimize service disruptions;
- are created in-house, by dedicated exploit developers;
- are developed and released on a regular basis;
- undergo intensive quality assurance testing;
- are updated as functionality, attack vectors and reliability evolve; and
- are backed by comprehensive technical support services.
In addition, all CORE Security exploits are developed using Python, allowing you to review, customize and extend them as desired. New exploits can easily be added to our solutions and executed in conjunction with their existing libraries of exploits.