Resources

Article

Core Impact 2017 versus Metasploit: the Shootout Comparison

Core Impact 2017 R1 and Metasploit Pro are tools used to create multi-staged, real-world attacks to test enterprise security defenses. Organizations need improved visibility into the holes in their enterprise network defenses. Penetration testing tools allow an organization to evaluate its ability to detect, prevent, and respond to such multi-staged, real-world attacks. Both Core Impact...
Blog

3 Reasons You Should Be Using SIEM

Security Information and Event Management (SIEM) solutions have been around for years, helping to identify and escalate critical security events. SIEM solutions have become integral to many organizations’ security portfolios. In fact, according to the 2021 SIEM Report by Cybersecurity Insiders, 74 percent of respondents ranked SIEM as very to extremely important to their organization’s security...
Article

Understanding the Evolution of Ransomware

Ransomware, as an actively evolving class of malware, has undergone a series of changes that have allowed cyber criminals to expand the horizons of their clandestine business. To help understand the different "forms" ransomware has taken over time, this article traces the evolutionary line of this ongoing threat in a compact and concrete way. Ultimately, it aims to...
Video

Prioritizing Pen Testing: 2021 Survey Results Revealed

The global chaos of last year was also seen in the digital world, as cyber attackers were seemingly relentless in their efforts. Such activity underscores the importance of penetration testing to find and verify security vulnerabilities, which allows you to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Though pen tests continue to become a required part...
Blog

How to Pen Test Against Orphaned and Privileged Accounts

The more pen tests I do, the more I see that, despite every organization claiming to be different, the same commonalities appear in how things are managed inside the network. One of those commonalities tends to vastly improve my odds of persistence and of avoiding detection: how an organization handles orphaned accounts and service accounts. Let’s talk about a little theory...
Article

Simple DNS Redirectors for Cobalt Strike

Authored by: Ernesto Alvarez, Senior Security Consultant, Security Consulting Services. This article describes techniques for creating UDP redirectors to protect Cobalt Strike team servers. This is one of the recommended mechanisms for hiding Cobalt Strike team servers and involves adding different points which a Beacon can contact for instructions when using the HTTP channel. Unlike HTTP...
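The core of any redirector is a forwarder that passes each client datagram to the hidden team server and returns the reply to the right client. The block below is an added example, not code from the article or from Cobalt Strike: a minimal UDP redirector in Python that keeps one upstream-facing socket per client so replies can be routed back unambiguously. The fake "team server" (a UDP service that upper-cases what it receives) and the loopback addresses are constructed for the demonstration; a real deployment would point upstream_addr at the team server's DNS listener.

```python
import socket
import threading


class UdpRedirector:
    """Forward each datagram arriving on listen_addr to upstream_addr and route
    the reply back to the client that sent it. A separate upstream-facing socket
    is opened per client, so replies are unambiguous even with many clients."""

    def __init__(self, listen_addr, upstream_addr):
        self.upstream_addr = upstream_addr
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(listen_addr)
        self.sock.settimeout(0.2)          # lets serve_forever notice stop()
        self.listen_addr = self.sock.getsockname()
        self.clients = {}                  # client addr -> upstream-facing socket
        self.forwarded = 0
        self._stop = threading.Event()

    def _pump_replies(self, client, up):
        """Copy everything the upstream sends on this client's socket back to the client."""
        while not self._stop.is_set():
            try:
                data = up.recv(65535)
            except socket.timeout:
                continue
            except OSError:                # socket closed by stop()
                break
            self.sock.sendto(data, client)

    def serve_forever(self):
        while not self._stop.is_set():
            try:
                data, client = self.sock.recvfrom(65535)
            except socket.timeout:
                continue
            except OSError:                # socket closed by stop()
                break
            up = self.clients.get(client)
            if up is None:
                up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                up.settimeout(0.2)
                up.connect(self.upstream_addr)
                self.clients[client] = up
                threading.Thread(target=self._pump_replies, args=(client, up), daemon=True).start()
            up.send(data)
            self.forwarded += 1

    def stop(self):
        self._stop.set()
        for up in self.clients.values():
            up.close()
        self.sock.close()


def demo() -> bytes:
    """Constructed end-to-end check on loopback: a fake 'team server' that
    upper-cases what it receives, the redirector in front of it, and one client."""
    team_server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    team_server.bind(("127.0.0.1", 0))
    team_server.settimeout(5)

    def fake_team_server():
        data, peer = team_server.recvfrom(65535)
        team_server.sendto(data.upper(), peer)   # peer is the redirector, never the client

    threading.Thread(target=fake_team_server, daemon=True).start()

    rd = UdpRedirector(("127.0.0.1", 0), team_server.getsockname())
    threading.Thread(target=rd.serve_forever, daemon=True).start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)
    client.sendto(b"ping", rd.listen_addr)
    reply, _ = client.recvfrom(65535)
    rd.stop()
    client.close()
    team_server.close()
    return reply


if __name__ == "__main__":
    print(demo())
```

The team server only ever sees the redirector's address as the peer, which is the property that hides it. For DNS-sized traffic the per-client table must expire idle entries, otherwise a resolver fleet hammering the redirector exhausts sockets; the example leaves that out to keep the forwarding logic visible.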
Video

The Evolution of SIEM: 2021 Survey Results Revealed

The commotion and upheaval of 2020 still has everyone seeking steadier ground, and security teams are no exception. But with seemingly relentless attacks and increasingly complex threats, is such stability just a pipe dream? Can well established safeguards like Security Information and Event Management (SIEM) solutions still be relied upon? In this webinar, cybersecurity experts Bob Erdman and...
Article

Exploiting Citrix Application Delivery Controller (ADC) and Gateway CVE-2019-19781 with Core Impact

A Core Impact module was released on January 14, 2020 to exploit an as-yet unpatched path traversal flaw in Citrix Application Delivery Controller (ADC) and Gateway (formerly known as NetScaler ADC & NetScaler Gateway) identified as CVE-2019-19781. This critical vulnerability is a path traversal bug that can be exploited over the internet by an attacker. It can be exploited to remotely execute...
Article

Advanced Pen-Testing Tricks: Building a Lure to Collect High Value Credentials

Here’s the scenario: You’ve compromised a system but it hasn’t been logged into recently by an administrator, so you’re quite disappointed by your Mimikatz results. You’ve got local system credentials but nothing that’s on the domain except the machine account. Your mission: do something with the system that will attract the attention of someone with administrator credentials and make them log...
Article

How to Pen-Test Around the Password

What if I told you that in most networks these days, you don’t have to bother with cracking the passwords? On most networks that use Active Directory, you can use the stored hash obtained via Mimikatz or a WPAD attack to authenticate. How, you may ask? It’s because of the wondrous bit of mis-engineering that is the Windows NT Login Challenge and Response. I’m going to dive into this a bit, so that...
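Why the hash alone is enough becomes obvious once you write the challenge/response out: the NTLMv2 proof is an HMAC keyed, ultimately, by the NT hash, and the domain controller verifies it from the same stored hash, so the cleartext password never enters the computation. The block below is an added example, not code from the article: it computes NTOWFv2 and an NtChallengeResponse as specified in MS-NLMP, then plays the verifier side. The input hash is the NT hash of "Password" from the MS-NLMP test vectors, standing in for a value dumped with Mimikatz; user, domain and challenges are constructed, and target_info is left empty for brevity (a real client copies the AV_PAIR list from the server's CHALLENGE_MESSAGE).

```python
import hashlib
import hmac
import os
import struct
import time


def filetime_now() -> int:
    """Windows FILETIME (100-ns ticks since 1601-01-01), the timestamp NTLMv2 carries."""
    return int((time.time() + 11644473600) * 10_000_000)


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 (MS-NLMP 3.3.2): HMAC-MD5 keyed with the NT hash over the
    upper-cased user name + domain in UTF-16LE. The only secret input is the
    NT hash itself; the cleartext password is never needed."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash is 16 bytes (32 hex chars, as Mimikatz prints it)")
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_response(nt_hash, user, domain, server_challenge, client_challenge,
                    timestamp, target_info=b""):
    """Build NtChallengeResponse = NTProofStr || temp exactly as a client would."""
    if len(server_challenge) != 8 or len(client_challenge) != 8:
        raise ValueError("challenges are 8 bytes")
    temp = (b"\x01\x01" + b"\x00" * 6          # RespType, HiRespType, reserved
            + struct.pack("<Q", timestamp)
            + client_challenge
            + b"\x00" * 4                       # reserved
            + target_info                       # AV_PAIR list from CHALLENGE_MESSAGE
            + b"\x00" * 4)                      # trailing reserved
    nt_proof = hmac.new(ntowf_v2(nt_hash, user, domain),
                        server_challenge + temp, hashlib.md5).digest()
    return nt_proof + temp


def dc_verify(stored_nt_hash, user, domain, server_challenge, response) -> bool:
    """The verifier side: recompute NTProofStr from the *stored* NT hash and compare."""
    nt_proof, temp = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(stored_nt_hash, user, domain),
                        server_challenge + temp, hashlib.md5).digest()
    return hmac.compare_digest(expected, nt_proof)


def demo():
    """Constructed scenario: the attacker holds only the NT hash (here the NT hash
    of "Password" from the MS-NLMP test vectors, as Mimikatz would have shown it)."""
    nt_hash = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")
    user, domain = "User", "Domain"
    server_challenge = os.urandom(8)
    response = ntlmv2_response(nt_hash, user, domain, server_challenge,
                               os.urandom(8), filetime_now())
    accepted = dc_verify(nt_hash, user, domain, server_challenge, response)
    rejected = dc_verify(bytes(16), user, domain, server_challenge, response)
    return accepted, rejected


if __name__ == "__main__":
    print("hash-only auth accepted / wrong hash rejected:", demo())
```

Nothing in dc_verify can tell a client that derived the proof from a freshly typed password apart from one that started from a dumped hash, which is the whole point of the article: the hash is the credential.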
Article

Identifying iDevices on your network using Core Impact, and where to go from there...

Oftentimes after using Network Information Gathering, we are still left with a number of devices that may reflect an "Unknown" OS. With the saturation of these devices in the market today, there is a good chance there may be some located on your network. By identifying these devices we can also potentially expand our attack surface and gain other useful information. So, where do we start? We may...
Article

Building Custom Modules for Core Impact, Part 1 of n-1

In this installment, we’ll start with the anatomy of an Impact module, where you'll get the opportunity to absorb some of the features and implications before we dive into building something real and useful. In the course of conducting penetration tests, we often come across password hashes of various types. We can sometimes use these without cracking them, but it is often useful and...
Article

Building Custom Modules for Core Impact, Part 3 of n-1

In our last installment, I gave you a final hunk of code with several function calls and decided to let you stew for a week before revealing what was going on under the hood. Well, you’ve stewed for a week, so let’s review. while DoneWithCrack == False: if not self.getTasks(str(self.getHashCatPath()).split("\\")[-1]): DoneWithCrack=True if os.path.exists(outputFile): f...
Article

Building Custom Modules for Core Impact, Part 2 of n-1

Last week, we discussed exactly what we’ll be building and got some of the boilerplate done along the way. I’m sure that you dug into the modules that I strongly hinted that you take a look at for inspiration. To review, this module will need to: know where the Hashcat executable lives; know what hashes we want cracked; know the minimum password length to brute force; know the maximum password...
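The requirements listed across these three installments (where the Hashcat binary lives, which hashes to crack, the minimum and maximum brute-force length) reduce to building a command line and reading back what Hashcat wrote. The block below is an added example and is not the article's module code nor anything from the Core Impact module API: it shows the Hashcat-facing half in plain Python, using only standard Hashcat flags (-m, -a 3, --increment, --increment-min/-max, --potfile-disable, -o, --quiet). The sample outfile text is constructed; the hashes in it are not real credentials.

```python
import subprocess
from typing import Dict, List, Optional

# Hashcat exit codes that matter to a wrapper: 0 = something cracked,
# 1 = keyspace exhausted (normal), 2 = aborted by the user.
EXIT_CRACKED, EXIT_EXHAUSTED, EXIT_ABORTED = 0, 1, 2

# Constructed sample of Hashcat's default outfile format (hash[:salt]:plain).
SAMPLE_OUTFILE = (
    "A4F49C406510BDCAB6824EE7C30FD852:Password\n"
    "00112233445566778899aabbccddeeff:p@ss:word\n"   # plaintext containing ':'
    "\n"
)


def build_hashcat_command(hashcat_path: str, hash_file: str, out_file: str,
                          hash_mode: int = 1000, min_len: int = 1, max_len: int = 8,
                          charset: str = "?a") -> List[str]:
    """Argv for a mask (brute-force) attack that walks password lengths
    min_len..max_len. Mode 1000 is NTLM, the type Mimikatz most often hands us;
    ?a is Hashcat's built-in all-printable-ASCII charset."""
    if not 1 <= min_len <= max_len:
        raise ValueError("need 1 <= min_len <= max_len")
    return [
        hashcat_path,
        "-m", str(hash_mode),
        "-a", "3",                      # attack mode 3: mask attack
        "--increment",
        "--increment-min", str(min_len),
        "--increment-max", str(max_len),
        "--potfile-disable",            # results go only to out_file
        "-o", out_file,                 # default outfile format: hash[:salt]:plain
        "--quiet",
        hash_file,
        charset * max_len,              # the longest mask; --increment shortens it
    ]


def parse_cracked(outfile_text: str) -> Dict[str, str]:
    """Parse hash:plain lines. For unsalted hashes the hash contains no ':', so
    splitting on the first colon keeps plaintexts that contain ':' intact.
    Hashes are lower-cased so lookups do not depend on Hashcat's casing."""
    cracked: Dict[str, str] = {}
    for line in outfile_text.splitlines():
        line = line.strip()
        if not line:
            continue
        h, sep, plain = line.partition(":")
        if sep:
            cracked[h.lower()] = plain
    return cracked


def run_crack(argv: List[str], out_file: str, timeout: Optional[int] = None) -> Dict[str, str]:
    """Run Hashcat to completion and return what it cracked. Exhausting the
    keyspace (exit 1) is a normal outcome, not an error."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    if proc.returncode not in (EXIT_CRACKED, EXIT_EXHAUSTED):
        raise RuntimeError(f"hashcat failed ({proc.returncode}): {proc.stderr.strip()}")
    try:
        with open(out_file, encoding="utf-8", errors="replace") as f:
            return parse_cracked(f.read())
    except FileNotFoundError:
        return {}   # Hashcat may not create the outfile when nothing cracked


if __name__ == "__main__":
    # Hypothetical paths; adjust to the local Hashcat install before running.
    cmd = build_hashcat_command("/opt/hashcat/hashcat", "ntlm_hashes.txt",
                                "cracked.txt", min_len=4, max_len=8)
    print(" ".join(cmd))
    print(parse_cracked(SAMPLE_OUTFILE))
```

A module that polls, as the Part 3 excerpt does, can call build_hashcat_command once and then re-read the outfile on each pass with parse_cracked; keeping --potfile-disable means every run's results are in the file you control rather than in Hashcat's global potfile.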
Article

The BIOS-Embedded Anti-Theft Persistent Agent that Couldn't: Handling the Ostrich Defense

Alfredo Ortega and Anibal Sacco presented their findings in Absolute Software’s Computrace “persistent agent” as part of their ongoing research on BIOS rootkits at Black Hat USA 2009. Before I dig into some technicalities of the findings of Alfredo and Anibal, let me dispel any doubts about the disclosure process that we followed. The vendor was made aware of the report and upcoming presentation...
Blog

How The Power of Core Impact is More Accessible Than Ever Before

Security teams are increasingly turning to penetration testing tools to advance their in-house programs through strategic exploitation automation. However, it can be challenging to round out a comprehensive and integrated pen testing toolset that meets both your organization’s requirements as well as your budget. In this blog, we’ll explore how Core Impact’s tiered offering provides flexibility...
Article

Reversing and Exploiting With Free Tools Series

The pen testing world is constantly changing and threat actors are continually finding new ways to exploit organizations of all industries and sizes. In order for pen testers to safely and efficiently test and expose security weaknesses, they enlist the help of different tools. This article series from cybersecurity expert Ricardo Narvaja provides tips and tricks on reversing and exploiting...
Blog

Why Privileged Access Management Matters Now More Than Ever

If the last year has demonstrated any lessons for IT and security teams, it’s this: managing privileged access should be a top priority for the business. When a large portion of the workforce began working remotely, there was a frenzy to extend access so individuals could perform their jobs from home. Yet this may have unintentionally caused inappropriate access levels to be extended to employees....
Datasheet

Voice Biometrics

Solution Overview Protecting access to business-critical data and applications is essential for organizations, but the costs and security issues associated with self-service or helpdesk-assisted password resets continue to rise. One highly secure alternative that has emerged for quickly and accurately verifying an individual’s identity is the use of his or her voice. Voice...
Article

Reversing & Exploiting With Free Tools: Part 7

In part 6, we learned how to understand a shellcode and its resolver. Now, we will continue with the analysis and resolution of abo2 in GHIDRA. Download the ABO2 executable. The latest version is on Google Drive. In the 7zip compressed file you can find the executable (.exe extension), the symbols (.pdb extension), and the source code (.c extension). ...