We are pleased to announce the official release of Core Impact Pro 2014 R1.2 today, May 7. More than 20 updates have been added thus far, and are available through the regular update channel for all IMPACT customers who have upgraded to the latest version.  In this new 2014 R1.2 release version we have added more than 20 updates including highlights like:

  • a module that checks for the Heartbleed bug and dumps portions of the target's process memory
  • a new way for installing agents in Windows that does not require creating a service (something that is detected by antiviruses) by means of Windows Management Instrumentation (WMI) API
  • a remote exploit for a SCADA software system (Schneider Electric Serial Modbus Driver)
  • additional remote exploits for Oracle TNS Listener, HP Data Protector and EMC Data Protection Advisor
  • 7 Client-side exploits for applications such as Adobe Flash Player (3 different ones!), VLC and Microsoft Word
  • 2 Local exploits for Oracle VirtualBox, one of them allowing to escape to the host OS
  • 2 DoS for Windows and 1 for Linux
  • Other updates including improvements to the AV shell and the use of a mutable decoder during the second stage for agent deployment which reduces the chances for the agent to be detected by an antivirus/IDS/IPS

As usual, your feedback and questions are greatly appreciated. Please send us your questions and suggestions that will help us develop an even better product. Pablo Andres Rubinstein Director of QA and L3 for Core Impact Professional