Technical Best Practices

View technical best practices for penetration testing and vulnerability management from Core Security.

We are pleased to announce the availability of CORE Impact v2013 R1.4 for our customers. This is our most-recent and final update for Impact 2013 R1. During the following weeks the team will be fully focused on fitting and finishing our upcoming major…

Read More

My name is Nicolas Economou  and I’m a specialist member on the Exploit Writing Team here at CORE Labs - specializing in Windows kernel exploitation. Today, I would like to say a few words about a 0-day published a month ago. On Friday, May…

Read More

We are pleased to announce the availability of CORE Impact v2013 R1.3 for our customers. This update builds upon the powerful 2013 R1 release and adds more than 40 new updates to the product. All customers can update to the new version from 2013 R1.0,…

Read More

CORE CloudCypher was born as a critical support tool required by our SCS (Security Consulting Services) team while performing world-class penetration testing engagements. In most of their consulting engagements they are usually able to get access to encrypted passwords and they need to know…

Read More

Why Audit? Harriet Beecher Stowe is credited with the quote "Human nature is above all things lazy" - while I prefer to think of myself as 'efficient' rather than lazy I think the principle is sound. When faced with the choice of executing a…

Read More

I ended the month of February with RSA, from a vendor point of view the show seemed to be bigger than last year; more vendors and it felt like there were more vendors with large scale booths than in previous years. I am…

Read More

With the recent release of Core Impact Professional v12.5 and the addition of the Identity Manager functionality I thought now was the perfect time to talk about the User Actions functionality. While this functionality has existed for many versions prior to 12.5, it…

Read More

At CoreLabs, we spend our time thinking a lot about how to improve different aspects of the computer security, and how to advance the state of the art. Sometimes, our ideas become part of the Core family of products. Sometimes, we investigate theoretical…

Read More

When my mother emails to ask if she should be worried about the Java vulnerability the saw on the news, you know a security issue has gone mainstream. And it seems you cannot be a security company without having a blog warning of…

Read More

Assessing and testing the security of an ERP environment is a challenging venture. Because of that and due the overall complexity and the business significance, ERP security should be designed with a holistic approach, focusing on some specific components could result in interesting…

Read More