Our Pledge: Safe and Controlled Security Testing
A significant concern for any company engaging in proactive security testing is that the work itself does not have a negative effect on any systems or processes, or take critical operations offline, in the process of emulating threats to see if IT and network assets are properly protected.
This is one of the best reasons to choose our family of products to carry out your security analyses -- because we have spent considerable time and effort, and continue to do so every day, to ensure that our customers won’t create any unexpected problems as a result of their testing projects.
Rigorous Quality Assurance
Our extensive library of exploits is continuously run through rigorous QA testing, using an effective combination of automated testing processes and close personal inspection. Our testing team works hard to reduce the chances that our exploits will have unpredicted or ancillary effects on tested systems or processes.
While the automation of testing for existing exploits is relatively easy, extensive testing of new, “work-in-progress” exploits is significantly harder and can only be done by hand. Our testing team exhaustively assesses the new exploits in a range of environments to eliminate or reduce the circumstances when those exploits could cause issues in the target environment.
Keeping Code Off Tested Systems
The integrity of a system can be thought of as its ability to operate in an unimpaired condition. CORE’s exploits are written and tested to a commercial-grade standard, and our agents are designed with the same care. CORE Security seeks to not disrupt the integrity of a system, when deploying agents. Our solutions can deploy memory-resident agents, file-based agents, and persistent agents. Memory-resident agents are run in RAM, and they are automatically removed under a number of circumstances. These include events such as: a user issues a cleanup command, a user loses connection to the agent, the compromised service or machine is restarted. File-based agents or Persistent agents can be copied to a target’s file system and can be removed using our solutions’ Clean-Up capabilities or by hand.
In the rare cases where the agent is maintained on a device after a test is completed, it is automatically erased from the system’s memory the next time the tested machine is rebooted (if it was memory resident). For file and persistent agents that were not cleaned up, it is not possible for anyone one else to communicate with that agent due to the authentication that is performed between the Impact workspace and agents it has deployed. However, it possible for CORE Impact to reconnect to that exploit and “Clean Up” – additionally all information about how the agent was packaged is contained in the Impact’s Module logs, providing enough information to remove the agent by hand.
Maximizing System Stability
Some exploits, due to a factor of the vulnerability they are exploiting, could disrupt the stability of the targeted service. Consequently, while CORE Security has a goal of providing only safe exploits, there occasionally is the potential to disrupt system processes when executing some exploits. Before one of these specific exploits is executed, users are cautioned regarding the potential implications of performing that exploit on said vulnerability.
It is a goal of CORE’s exploit testing team to determine if an exploit will cause a loss of system stability. Inadvertently putting a system into a degraded state during an assessment is typically not part of the Scope of Work of most security test and measurement assessments.
CORE Security offers customers the peace of mind to know that the product they are using will not cause services to become unavailable, and possibly crash. This is the key that separates CORE Security from others in the marketplace. Our commitment is to deliver a commercial-grade solution.
Leaving No Backdoors
Another common concern of security testers is ensuring that any agents/payloads that they deploy will establish a path by which attackers could someday find their own way into an organization’s networks or systems. During the penetration test, our product design of mutual authentication once again guarantees that this scenario is not a possibility. And after the test is over, if communication with a file based or persistent agent is lost, it is possible to reconnect to that running agent and issue the “Clean Up” command. Furthermore, CORE’s products log all of their activities, meaning that agents can be easily found in the event that a manual clean up is required.
Independent Safety Validation in the Field
Over the years, many of our customers – including large US Federal Agencies – have conducted independent code reviews of our products to confirm their safety and predictability in sensitive IT environments. These reviews have always resulted in the organization deciding to implement the solution.
No New Vulnerabilities
Our products never create any new security vulnerabilities during testing, rather, they merely find the weak points that already exist in tested systems and exploit those issues to help customers better protect themselves.