Core Impact Updates: New Version Release and Impacket

We’re ringing in the new year with the latest release of Core Impact ! Version 21.3 strengthens the connection between Core Impact and Cobalt Strike, amplifying the capabilities of both tools. In addition to this release, Core Security is also excited to be taking over maintenance for Impacket, a critical pen testing tool that allows to work with Windows network protocols and facilitates Active Directory testing and command execution over SMB and WMI.

Core Impact Version 21.3

This release focuses on bringing the power of Cobalt Strike to Core Impact, enhancing the pen testing experience both for those who use Core Impact alone as well as those who have both tools.

Beacon Object Files (BOF) Execution

Beacon is Cobalt Strike’s custom agent that can be used to execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads. A Beacon Object File (BOF) is a compiled C program that can execute within a Beacon process and use internal Beacon APIs. BOFs allow users to extend the use of the tool using new features that are often created by the talented Cobalt Strike community.

Core Impact now fully supports the Cobalt Strike BOF API, allowing Core Impact users to also be able to benefit from these extensions. These BOFs will require no modifications and can be precompiled to execute in either Cobalt Strike or Core Impact.

Exploit Execution Through Beacon

Image

The interoperability features of Core Impact and Cobalt Strike continue to grow. Users of both tools will have new opportunities and increased success rates when seeking to move laterally in a target environment.

Cobalt Strike Beacon enables third-party tools to pivot by exposing a SOCKS proxy server. Each time Beacon checks in, data that writes to or is read from ongoing connections is exchanged. Core Impact can now leverage this functionality in order to launch Core certified exploits directly through Beacon.

Impacket

We’re excited to have recently welcomed Impacket to Fortra’s cybersecurity portfolio. Impacket is an open-source collection of modules written in Python for programmatically constructing and manipulating network protocols. It has long been a fundamental piece of most pen tester’s toolkits and has been used as the base for dozens of tools and scripts. Impacket is even the foundation of Core Impact’s Active Directory attack testing features. Core Impact users will benefit from these two tools being developed under the same umbrella, with new opportunities for further alignment.  With our commitment to offensive security, we look forward to developing this essential open-source tool to help all penetration testers in their future engagements.

As the new owner of the Impacket technology, we will not only be able to shape its future development, but also further develop the open-source ecosystem around it and enable our community partners to contribute to it and enhance it. Impacket is now hosted in Fortra’s GitHub at https://github.com/fortra/impacket.