Resources

Guide

When to Use Penetration Testing Software, Services, or Both

You know you need a penetration test. Whether it is from an internal mandate or external compliance requirements, it has to be done. From here, the question is how. Do you leverage software and the analysts you already have, hire an external service provider to do the heavy lifting for you, or use some combination of the two? All are reasonable...
Guide

Understanding Mobile Application Penetration Testing

Mobile apps are nothing if not convenient. Roughly 62% of businesses either have an app or are on their way to developing one, and last year, over 60% of internet traffic came from mobile sites (up from 29% ten years ago). Mobile apps get information to customers faster and facilitate the online buying process, likely resulting in more sales. And on the operations side, enterprises themselves use...
Guide

The Complete Guide to Layering Offensive Security

What does offensive security really mean? In today’s world, cyberattacks happen every few seconds and can result in catastrophic damage. In fact, according to the Ponemon Institute, the average cost of a data breach is now $4.4 million globally. How is it that some businesses seem better protected against the harmful, and often long-term, consequences of such threats? It’s the difference between...
Guide

Managing Your Attack Surface

Every point in your organization that provides access to data is what’s known as your attack surface. Your attack surface includes both digital and physical endpoints. It’s vital to understand what it is and how to protect it. This guide explores the breadth of the attack surface and how organizations can effectively manage it to reduce risk. ...
Guide

How to Use Upskilling and Reskilling to Scale Your Cybersecurity Team

As security budgets get cut across the board, hard decisions must be made about what stays and goes. Offensive security (also referred to as “proactive security”) is one of the most effective ways for organizations to audit their security defenses, protect their networks, and stay compliant. Unfortunately, highly trained offensive security personnel are hard to come by. As the need for proactive...
Guide

Avoiding Compliance Surprises - Financial Technology

Compliance is so important in today’s business economy (some might say it is the economy of business) because it is the “pass” that allows you to play. Ensure it, and you can play anywhere. Go without it, and you’re benched. From fees to jail time, PR costs to reputational damage, being caught not complying with legal standards for protecting critical systems, information, and proprietary...
Blog

Customizable Reports with Core Impact

Streamline Penetration Testing Documentation with Flexible, Automated Reports: Core Impact's robust reporting capabilities have evolved significantly in the last few years, empowering penetration testers and security professionals to generate customized reports that align with specific organizational needs and compliance requirements. With the latest version and ongoing enhancements, Core Impact...
Blog

How Cyber Weaknesses Lead to Empty Shelves: An Offensive Security View

Empty grocery shelves can be caused by natural disasters, wars, and trade embargoes, as we’ve seen in recent years. But they can also be the result of successful cyberattacks, which could be more preventable than the other three agents of chaos. Whether a company sells computer chips or potato chips, if the logistics of production, distribution, or sale are disrupted, shelves will remain empty...
Blog

Offensive Security Is Now a Must: How CISOs Can Justify OffSec Investment

With emerging attacks coming harder, faster, and more ingeniously than ever before, organizations can’t afford to sit around and wait for attackers to tell them where their weak spots are. They need to get ahead of and around them with offensive security tactics; think penetration testing and red teaming. Unfortunately, for board members and stakeholders not on the security front lines, OffSec...
Blog

SEC Readiness: 12 Reasons Why Your Offensive Security Matters More Than Ever

With the U.S. Securities and Exchange Commission’s (SEC) new cybersecurity disclosure rules in full effect as of December 2023, public companies — and even the vendors that support them — are now under unprecedented pressure to not only report material cyber incidents within four business days but also demonstrate robust, actionable cybersecurity plans. This is pushing offensive security (OffSec)...
Blog

Completing the Circle: The Path to CVE-2025-7388

On March 6, 2024, Zach Hanley from Horizon3.ai wrote a blog post about reproducing CVE-2024-1403 using an authentication bypass in Progress OpenEdge. In the blog post, he explained the architecture behind OpenEdge and all the technical information related to the CVE-2024-1403 vulnerability. In the same blog post, he also posted a proof of concept (POC) to exploit the vulnerability. However, as this...
Blog

Core Impact Quarterly Chronicle: Exploits and Updates | Q2 2025

Core Impact Exploit Library Additions: One of Core Impact’s most valuable features is its certified exploit library, maintained by a team (formerly Core Labs) within the Fortra Intelligence & Research Experts (FIRE) group. This team conducts in-depth research to evaluate and prioritize the most critical vulnerabilities, ensuring the library is updated with high-impact, reliable exploits that enable...
Guide

CISO’s Guide to Justifying Offensive Security Investments

Map Offensive Tactics to Business Objectives: Offensive security is vital for strengthening organizational defenses, but not everyone immediately understands that. Get the buy-in you need to fund your offensive strategy, using the tips outlined in this guide. The CISO's Guide to Justifying Offensive Security Investments helps you: Build a Practical Business Case; Convey Compelling ROI & Value...
Blog

Proposed HIPAA Update Makes Yearly Pen Testing Mandatory

In early 2025, significant changes to the HIPAA Security Rule were proposed by the Office of Civil Rights for the Department of Health and Human Services (OCR). The proposed update to the HIPAA Security Rule, published on January 6, 2025, introduces a significant new requirement: all covered entities and business associates must conduct penetration...
Blog

Core Impact 21.7: Transform Your Agents

We’re excited to announce the release of Core Impact 21.7, packed with powerful new features, thoughtful enhancements, and critical fixes that further solidify Core Impact as a go-to solution for penetration testers. This update focuses on extending agent customization options, improving integration with external tools, and optimizing the overall user experience. Agent Transformations: This new...
Blog

Core Impact Quarterly Chronicle: Exploits and Updates | Q1 2025

Core Impact Updates. New Release: Core Impact 21.7. Core Impact 21.7 is now available! This release sees the introduction of the new agent transformation callbacks, a newer UI for the entity's creation dialogs, a series of quality-of-life changes, and more. A more extensive post will be published detailing all the new features and their use cases. Core Impact Exploit Library Additions: One of Core...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | December 2024-January 2025

Core Impact Exploit Library Additions: One of Core Impact’s most valuable features is its certified exploit library, maintained by a team (formerly Core Labs) within the Fortra Intelligence & Research Experts (FIRE) group. This team conducts in-depth research to evaluate and prioritize the most critical vulnerabilities, ensuring the library is updated with high-impact, reliable exploits that enable...
Blog

Core Impact and Cobalt Strike: Distinct Strengths, Enhanced Combination

Given its functionality as a multifaceted toolset, there are some features of Core Impact that users may not have taken advantage of. In this post, we’ll talk about SOCKS tunneling. Namely, we’ll walk through use cases of Core Impact’s SOCKS proxy capabilities and how to use them together with Cobalt Strike. What is SOCKS Tunneling? SOCKS Tunneling allows operators to run Core Impact modules and...