Core Impact 21.2: Incorporating the MITRE ATT&CK™ Framework and Attack Map Enhancements | Core Security Blog

The latest release of Core Impact has arrived! Version 21.2 underscores our alignment with the cybersecurity community, incorporating the MITRE ATT&CK™ framework to provide further insights into security weaknesses. We’ve also added features to Core Impact’s attack map, making the penetration testing process even more intuitive.

Core Impact MITRE map

The MITRE ATT&CK Framework

The MITRE ATT&CK framework is a matrix of tactics and techniques used by real-world threat actors. It has become a standard in defensive security, helping cybersecurity professionals create threat models to better prepare against risks that threaten the safety of critical data. Core Impact can now map and categorize every engagement against MITRE ATT&CK.

The ATT&CK matrix consists of 14 categories of tactics, including:

  • Reconnaissance
  • Resource development
  • Initial access
  • Execution
  • Persistence
  • Privilege escalation
  • Defense evasion
  • Credential access
  • Discovery
  • Lateral movement
  • Collection
  • Command and control
  • Exfiltration
  • Impact

Each tactic includes multiple techniques used by threat actors, many of which align with Core Impact’s capabilities. Since MITRE ATT&CK is a community effort, organizations and individuals can contribute to the ongoing development of this matrix to ensure it’s up to date with the latest tactics and techniques.

Reporting with MITRE

With each engagement mapped to MITRE ATT&CK, Core Impact 21.2 offers two new reporting options that use the MITRE ATT&CK Navigator layer output.

The ATT&CK Navigator Report

Based on the techniques executed during an engagement, this report uses the MITRE layer to classify and prioritize risk, and includes the option of exporting results in the ATT&CK Navigator JSON format.

The NIST 800 Navigator Report

Building on the impressive work being done by MITRE’s Center for Threat-Informed Defense, this report offers a modified JSON output for organizations that want to align their activities with both ATT&CK and NIST’s catalog of security and privacy controls, known as NIST 800-53.

Attack Map Enhancements

Core Impact’s Attack Map is a network graph view that provides a real-time overview of attack chains, pivoting, and any other activities completed during testing. The Attack Map is completely interactive and can be used as the primary working space for testers who prefer a fully visualized engagement experience.

Want to see more Core Impact features in action?

Watch a demo for a full overview of this powerful penetration testing tool.