Core Impact's Rapid Penetration Tests
Core Impact’s Rapid Penetration Tests (RPTs) are intuitive wizards that enable testers to swiftly discover, test, and report in just a few simple steps. By leveraging RPTs, testers can maximize their time, elevate their skills, and safely execute tasks on a variety of targets.
Rapid Pen Test Categories
RPTs can be completed across three different vectors:
Network
Uncover and exploit security weaknesses within your infrastructure. These tests target hosts, IPs, or different operating systems attached to the architecture. Examples include servers or network devices.
Client Side
Test the strength of your users with social engineering attacks. These tests focus on end user interaction, using phishing emails to gain access to applications on an employee workstation.
Web Application
Assess the security of web applications by targeting web pages and URLs. These tests check for the OWASP Top 10 Web Application Security Risks, which include injection flaws, broken access control, misconfigurations, and more.
Each of these vectors has its own set of RPTs, which can be used individually or chained together for a more comprehensive evaluation.
Network RPTs
Network Information Gathering
Network Information Gathering provides information on possible targets, making it easier to deploy attacks. Options for this group of modules include network discovery, port scanning, OS identification, and service identification. Third-party vulnerability scanner data can also be imported for additional information.
Attack and Penetration
The Network Attack and Penetration RPT is used to automatically select and launch remote attacks. External information can inform these attacks, or data from the Network Information Gathering RPT can be used to provide intelligence on the attack targets.
There are two attack methods. The exploit attack identifies code execution vulnerabilities in the OS or in any installed programs using Core certified exploits, which have been expert tested and verified. The identity attack finds authentication weaknesses so identity information like usernames and passwords can be acquired.
Local Information Gathering
The Local Information Gathering RPT is used to gain more precise information on a compromised target. Using one of Core Impact’s agents, which serve as a conduit to the remote host, this RPT can uncover additional OS information, user credentials, email addresses, and more.
Privilege Escalation
The Privilege Escalation RPT ensures that every agent connected to the target has root or administrator privileges, providing full access to the compromised system.
Clean Up
The Clean Up RPT automatically uninstalls and removes every connected agent. This means no agent is left behind after testing to drain resources or to serve as a potential backdoor for attackers.
Client-Side RPTs
Information Gathering
The Information Gathering RPT harvests email addresses that are visible from the Internet as well as from the organizational intranet. This RPT can uncover these addresses in several ways: crawling the organization’s public-facing website, search engines, LinkedIn, or server entries (PGP, DNS, WHOIS). Gathering email addresses from the Internet provides visibility into how widely available these addresses are to attackers.
Attack and Penetration
Once organizational email addresses are gathered, which can be completed by the Information Gathering RPT, the Attack and Penetration RPT can be used to send one or more malicious emails. Several attack deployments are available: web browser links, mail client exploits, attachments, and Trojans.
Email templates can be tailored to look more or less authentic to test how discerning users are about their email. If a message is opened, Core Impact users can then pivot and run Network RPTs inside the network.
Phishing
Similar to the Attack and Penetration RPT, the Phishing RPT uses harvested email addresses to send emails that serve as an entry point to the network. These phishing emails contain URLs that either launch a browser redirect from an authentic website or link to a web page clone of a known website. Once the page is opened, a user would type in their credentials, providing access that can then be exploited using Network RPTs.
These emails can also be tailored to look and read as realistic as needed. Actual emails can even be imported to add to the authenticity, or actual phishing emails can be imported to imitate real world attacks. Reports will generate a list of who opened these emails, providing insight into who is susceptible to these types of attacks.
Local Information Gathering
Once an agent is deployed on the target by a user interacting with the client-side attack emails, more information can be gathered from the now-compromised target, including additional OS information, agent privileges, users, and installed applications.
Privilege Escalation
The Privilege Escalation RPT ensures that every agent connected to the target has root or administrator privileges, providing full access to the compromised system.
Clean Up
The Clean Up RPT automatically uninstalls and removes every connected agent. This means no agent is left behind after testing to drain resources or to serve as a potential backdoor for attackers.
Web Application RPTs
Information Gathering
This RPT scans the domains of web-based applications and can identify potentially vulnerable pages or services. It not only scans known web applications, it can also discover web applications on running HTTP servers.
Attack and Penetration
The WebApps Attack and Penetration RPT takes the pages and services identified as at risk and tests which specific attacks they are vulnerable to. The attack options correlate with the OWASP Top 10 and include:
- Injection
- Broken authentication
- Sensitive data exposure
- XML external entities
- Broken access control
- Security misconfiguration
- Cross site scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
Additionally, tests are available for PHP remote file inclusion (RFI) and local file inclusion (LFI) vulnerabilities, invalid redirects and forwards, and hidden pages.
Local Information Gathering
This RPT uses SQLi and PHP-RFI agents to gather information on the database, including logins, schema, and sensitive data.
One Step RPTs
Core Impact also provides one-step network and web application tests that run a complete test in a single step and then provide detailed reports of the test's findings.
Vulnerability Scan Validation
There is a one-step RPT available to swiftly validate the output of third-party vulnerability scanners like Nessus, Burp Suite, and Rapid7. Core Impact can import the scan’s results and provide a prioritized list of weaknesses, which gives guidance on which remediations to focus on based on the level of threat these vulnerabilities pose to the infrastructure.
Remediation Validation
Once remediations have been made, there is an RPT available to efficiently retest the network and web applications that were initially vulnerable. A report is generated that compares the retest results with the original test results and confirms whether the issues have been sufficiently fixed.
Report Generation
Each vector also has the ability to auto-generate reports that detail both which tests were run and their findings. Core Impact can produce a variety of reports, such as trend reports, full executive reports, activity reports, and more granular reports for specific types of RPTs. These reports can be used to plan and prioritize remediation efforts, as well as to demonstrate compliance with regulations like PCI DSS, GDPR, and HIPAA.