As the World of Pen Testing Evolves, so too does Core Impact Pro
The world of penetration testing has changed quite a bit over the past several years. It’s being carried out by more organizations than ever before, both as the result of new PCI DSS requirements and a general increase in security awareness. Meanwhile, the population of advanced ethical hackers who have traditionally carried out pen testing has not grown at quite the same rate. This simple supply and demand problem means that more and more members of security and IT teams who have not been formally trained in the art of pen testing are now being asked to figure it out on the fly. And since the C-Suite is finally interested in understanding their organization’s security posture, skilled hackers and novices alike must be able to effectively communicate their findings up the corporate ladder.

We kept all of these factors in mind while designing the latest version of Core Impact Pro. We also incorporated suggestions from existing customers, many of whom got a sneak peek of Impact 2015 R1 during Black Hat (and seemed pretty psyched about the updates!). The bottom line is that we always seek to make penetration testing as accessible and effective as possible. We hope you’ll agree that the new and enhanced features in Impact 2015 R1 are yet another step in that direction.

New capabilities released in Core Impact Pro 2015 R1 include:
- Pause-and-Resume for Network Wizards: Many users face time restrictions when network testing. In some cases, maintenance windows are too short to complete a scan or test. Breaking down networks into smaller sets does not guarantee tests will be completed on time. Pause-and-resume allows Core Impact Pro users to stop and save the current state of a test, and pick up where they left off during their next maintenance window. With this latest release, this capability is added on top of the existing pause-and-resume present in the client-side vector.
- Record login for Web Application Authentication: There are many ways to log into a web application, and the login is usually a challenging phase of automated information gathering. Not only can the login sequence differ across applications, but there may also be extra steps required, such as acknowledging a disclaimer page that is needed to keep the session alive. In addition to the existing authentication functionality, this new feature assists the user in logging into a target web application and performing extra tasks as needed, while recording every request the user places. As a result, the user will be able to play the recorded steps when performing WebApps Information Gathering.
- Flexible and Customizable Reporting: The flexible, custom reports allow users to export reports to Microsoft Excel® and modify vulnerability tables, graphics, company logos, and other elements. Users can also save customized reports as templates to use in future report generation.
- Kerberos Support: The Kerberos authentication protocol provides a mechanism for mutual authentication between a client and a server. Beginning with Windows 2000, the Kerberos protocol became the default authentication mechanism. It is the preferred authentication method over NTLM because of NTLM weaknesses such as pass-the-hash, man-in-the-middle, and brute force attacks against the NT hashes. Several attacks against Kerberos have also been discovered over the last few years, opening a new set of threats that attackers can use to take over domains. The MS14-068 vulnerability is a good reference showing the importance of having Kerberos support in your attack arsenal. Core Impact Pro 2015 R1 supports the Kerberos authentication protocol natively for SMB and MSSQL connections. It is integrated into the product’s Identity Management functionality, allowing users to capture Kerberos tickets and keys from memory or disk and use them in any module that requires authentication against a target. This new feature also allows attacks on Kerberos-only environments and techniques like pass-the-ticket and pass-the-key.
- Agent Persistency using WMI: In the last release of Core Impact Pro, we added native support for Microsoft Windows Management Instrumentation (WMI), allowing users to install agents using WMI and use agent-less shells when covert activity is required. In addition to Core Impact Pro’s existing agent persistency, the product now supports this capability through WMI Event Consumers. The new feature eliminates the need to create a Windows Service, providing a stealthier technique that has recently been used by numerous pieces of malware and has been the subject of research publications in the security community.
- Rapid7 Nexpose Support: We added support for Rapid7 Nexpose that can be used with our Vulnerability Validation Wizard. This connector will be capable of accessing a Nexpose instance and importing Nexpose “Network” results into Core Impact Pro.
- General Usability Enhancements: We have added many new usability features based on extensive customer feedback, including “module re-launch,” the ability to filter executed modules by target, “BurpSuite Importer” and Windows 10 support.