5 Things You Didn’t Know About Core Impact
You may have heard that Core Security’s Core Impact is an enterprise-grade penetration testing solution that uses same tactics and techniques as real-world attacks. You may have heard that it’s automated and easy-to-use, so teams of any prior skill level can leverage the same advanced attacks. And you may have even heard that it can automate routine tasks as part of the overall engagement, so more experienced testers can save time and energy for more complex tasks.
But there may be a few things you still haven’t heard.
Here are five features that everyone should know about Core Impact that distinguish it from other pen testing solutions and put it in a class all its own.
1. An Exploit Library Created and Managed by Experts
Today’s teams want to test their defenses against the best an adversary has to give, and to realistically emulate that test, a pen testing solution can’t be a hair behind in adversarial techniques. We employ expert writers and testers to ensure our attacks feel, look, and prove you like the real thing. Core Impact users don’t have to go through the time-consuming task of creating their own exploits or the hassle of getting an untested one pre-approved. After all, open-source exploits may be insecure, non-functional, or simply not available. Instead, Core Impact operators have access to our Core Certified Exploit Library, enabling them to leverage thoroughly vetted and validated attacks, updated regularly with exploits for critical vulnerabilities that are at risk of or are already being exploited in the wild.
2. A Safe Way to Simulate Ransomware Attacks
There is no teacher like experience, but when it comes to ransomware, who can afford the lesson? Thankfully, Core Security offers a way to simulate ransomware attacks to safely enable learning. The ransomware simulator can mimic the behavior of multiple ransomware families, encrypting user-specified files using a fully reversible symmetric key and exfiltrating mission critical data. Security teams can even create and leave an explanatory README file once the exercise has been completed, further emulating a real attack.
3. Incorporation of Additional Testing Tools
Core Impact also pushes the envelope by extending its capabilities with other tools. For example, Impacket, a collection of Python classes for working with network protocols, has been fully incorporated into the product. As part of Core Impact, users can use Impacket’s functionality to automate certain attacks and modules. Impacket is a critical tool that facilitates Active Directory (AD) testing and enables users to work with Windows network protocols. This open-source tool (managed by Fortra) is the base for dozens of tools and scripts.
Users can also include additional modules, like BloodHound, a data analysis tool integration that identifies hidden relationships within an Active Directory environment.It uses analyzed data from AD to rapidly detect complex attack paths for privilege escalation, lateral movement, and high-value asset compromise.
4. A Visual Attack Map for Additional Insights
Visual Attack Map | Next, you can’t see where you’re going unless you know where you’ve been. That’s where Core Impact’s visual attack map comes into play. This network graph view displays a real-time overview of attack chains, pivoting and any other activities completed during testing, providing visual insight that allows security teams to better determine the best path forward in the testing engagement. This enhancement of Core Impact enables users to map and categorize every engagement in MITRE. Additionally, it provides reporting options that employ the MITRE ATT&CK Navigator layer output. A demo of these capabilities can be seen here.
5. Re-testing Capabilities to Validate Changes
Lastly, you may not know that Core Impact allows testers to efficiently re-test network and web assets that have previously been identified as vulnerable. Because the remediation responsibilities usually fall on a different team, remediation validation is an important step for penetration testers. Core Impact's Remediation Validator results will be output to a report, comparing new results with original results. In many cases, the Remediation Validator supports agent redeployment and remediation on testing scenarios where OS agents, WebApps agents, and Network SQL agents are used together to detect vulnerabilities.
The Proactive Approach to Cybersecurity
These additional features give Core Impact a competitive advantage over other tools in the market, empowering its users to rapidly detect the best paths to a company’s critical assets across multiple protocols and environments.
A successful penetration testing engagement has many different components and moving parts. It requires fast access to the best exploits, reducing downtime and increasing real-world credibility. It requires the ability to test your teams against a realistic ransomware scenario; data exfiltration, ransom note, and all. It requires the ability to test within Active Directory, a prime attacker target. Keeping track of attack progress in your head is no match for the organization and efficiency of a bespoke graphical map. And lastly, a pen test is only worthwhile if its results are note and recommendations are acted upon. Retesting is fundamental to staying ahead of attackers and truly implementing a proactive approach.
By using Core Impact and leveraging all of its capabilities, teams can do more than “perform a pen test.” They can establish a long-standing proactive security staple that will secure them a seat at the table no matter what attacks the future might bring.