Resources

connectors-gears-with-arrows
Blog

Three Ways an Identity Governance Solution Should Integrate with Enterprise Data

Thu, 02/18/2021
Chances are your organization is relying on an extensive number of enterprise applications, systems, and platforms to ensure successful execution of the business. According to an article in The Wall Street Journal, large organizations rely on an average of nearly 130 applications across their business, while smaller firms use around 70 applications on average. The ability to manage user access to...
IGA
Article

Reading DPAPI Encrypted Keys with MimiKatz

As you may already know, when a penetration test or Red Team exercise in being executed, it is important to define the objective of the project. Sometimes it is not enough to get Domain Admin privileges, so the objective may instead be defined as access to a particular network segment or a user’s workstation where credentials and sensitive information could be stored. For the purposes of this...
Article

Analysis of Cisco AnyConnect Posture (HostScan) Local Privilege Escalation: CVE-2021-1366

Authored by: Marcos Accossatto On August 5th, ethical hacker and cybersecurity professional Antoine Goichot posted on twitter that three vulnerabilities he had discovered on Cisco AnyConnect (CVE-2020-3433, CVE-2020-3434, and CVE-2020-3435) were now public. The next day, he published a follow-up blogpost on github. That lead to an investigation by the Core Security team to find additional...
The Importance of Source Code Audits and Application Pen Tests thumb
Blog

The Importance of Static Application Testing and Application Pen Tests

Mon, 02/15/2021
Pen testing is a well-established practice for many organizations. With such diverse environments consisting of different applications from different vendors, it’s safe to assume security weaknesses are lurking somewhere. But why aren’t these security flaws found earlier, by the creators themselves? In this blog, we’ll explore why applications should also go through security testing and review...
Penetration Testing
remote-workforce-access
Blog

Remote Work Is Here to Stay: How to Deal with Access Risks Across an Expanded Workforce

Thu, 02/11/2021
While no one could have anticipated the way in which COVID-19 would change the workforce over the last year, perhaps even more unexpected is the lasting impact the pandemic will have on remote work. With millions of employees still working from home, organizations are especially vulnerable because they lack visibility into the actual access levels employees possess across the collaboration tools...
IGA
2021 SIEM Report
Guide

2021 SIEM Report

SIEM Solutions Remain a Critical Part of Security Portfolios Security Information and Event Management (SIEM) solutions have been around for well over a decade, helping organizations streamline their security by managing security events. They are now well known for their ability to collect, aggregate, and analyze log and event data from systems across the IT stack in order to monitor, identify,...
SIEM
Video

What's new in Core Impact 19.1

Thu, 02/04/2021
Core Impact version 19.1 has new functionality for web applications testing, along with enhancements made to all other attack vectors. Additionally, updates have been made to local information gathering modules, as well as libraries and embedded features. The video below highlights the other new features for performing penetration tests. ...
Penetration Testing
3 Ways Core Impact Can Benefit Large Security Teams
Blog

3 Ways Core Impact Can Benefit Large Security Teams

Tue, 02/02/2021
As the need for regular security assessments continues to grow, penetration testing tools are helping organizations advance their in-house programs through strategic automation. However, there is a misconception that automated tools are best for those with a reduced headcount, like small teams or individuals. Fortunately, Core Impact is designed with every team in mind, and offers capabilities...
Penetration Testing
Remote worker
Video

Core Provisioning Quick Look Demo

Mon, 02/01/2021
Learn more about streamlined access provisioning with this quick look into Core Provisioning. This overview provides you a tour of the solution and shows exactly how Core Provisioning automates the creation and management of user accounts and access rights. You'll see how you can have complete context of the relationships between users, access rights, resources, and user activity and compliance...
IGA
Video

Best Practices for Effective Phishing Campaigns

Mon, 02/01/2021
Phishing has been around almost as long as the Internet. While some attempts can be spotted a mile away, others have grown increasingly sophisticated. Even the best enterprise spam filters can’t catch every malicious communication. Unfortunately, a single careless click from an employee can have devastating consequences for the entire organization. But what’s the best way to improve employee...
Phishing
Blog

New Approaches to the SWIFT and PCI-DSS Framework

Mon, 02/01/2021
THE WORLD OF COMPLIANCE At the official start of summertime 2016 in Britain we are starting to consume the labour of last autumn, five gallons of alcoholic homemade cider (yum!) made from eight apple varieties grown in mine and my neighbors’ gardens. I’m very VERY careful sterilizing glassware, containers, and buckets: there was this unfortunate incident three years ago (no, you don’t want to hear...
PAM
IGA
Blog

Pros and Cons for Puppet's Configuration Management & Security

Mon, 02/01/2021
THE GOOD, THE BAD AND THE UGLY I was at the Red Hat Summit in Boston at the end of June. We had a lot of activity at our exhibitor stand, and a lot of discussions being passed on to me by our sales team I continued to have the same conversation again and again over the three days. This seems to be the year people have finished bedding down Puppet in their server/VM infrastructure, and are looking...
IGA
Core Password Quick Look Demo
Video

Core Password Quick Look Demo

Mon, 02/01/2021
Learn more about secure self-service password management with this quick look into Core Password. This overview provides you a tour of the solution and shows exactly how Core Password ensures that password policies are consistently enforced. ...
IGA
Digital lockpad inside circle
Video

Core Compliance Quick Look Demo

Sat, 01/30/2021
Learn how to simplify managing access privileges and certifications with this quick look into Core Compliance. This overview provides you a tour of the solution and shows exactly how Core Compliance enables you to identify and manage access rights across systems, platforms, and applications in a single system. ...
Datasheet

Department of Energy Core Security Blanket Purchase Agreement (BPA)

Core Security's Blanket Purchase Agreement (BPA) with the Department of Energy (DOE) establishes a cooperative agreement that streamlines the purchase process, allowing Core Security to efficiently fulfill the recurring needs of the DOE, with their specific requirements in mind. Products Core Impact This penetration testing platform provides a framework for efficiently uncovering and safely...
Penetration Testing
Threat Detection
Securing IOT Devices
Blog

6 Steps to Better Securing the Internet of Things (IoT)

Tue, 01/19/2021
These days, an organization’s technology stack isn’t merely computers and servers. The Internet of Things (IoT)—a catch all term for the many different devices that have sensors or software that connect them to the Internet—has carved out a foothold in every industry. Hospitals are filled with devices that monitor patient status, farmers are using sensors placed in the ground to obtain data about...
Penetration Testing
Phishing
gettting inside the mind of an attacker part 5
Blog

Getting Inside the Mind of an Attacker Part 5: Final Words of Advice

Mon, 01/11/2021
Authored by: Julio Sanchez In part four of this series, we examined a penetration testing engagement that the Core Security Services team performed, exploring an insider attacker engagement that showed one of the ways an attacker can escalate their privileges using Kerberos tickets. The four scenarios presented over the course of this series demonstrate the many types of attacks, both internal and...
Penetration Testing
Phishing
Blog

Ways Hackers Look to Exploit State and Local Governments

Mon, 12/28/2020
Don’t for a minute think that bad actors have no interest in the information you collect in your state or local office. Whether you work for the City Water Department or the Department of Tax and Revenue for your county, you are collecting data that is critical to not only your job – but for all of the organizations and people that work and live within your territory. Even if you aren't employed...
2021 predictions
Blog

Adapting to a Changed World: 6 Cybersecurity Predictions for 2021

Tue, 12/22/2020
As a new year looms bright with possibility in front of us, how can we prepare for a world that looks profoundly different than it did a year ago? On the cybersecurity front, we can always anticipate continuing battles with familiar foes, as well as a few new challenges on the horizon. Though we may not have a crystal ball, based on our observations and discussions, here are six predictions for...
Penetration Testing
Threat Detection
PAM
IGA