Resources

Blog

How You Can Benefit From Penetration Tests

Thu, 05/21/2020

There are many reasons to penetration test your organization – and not just to adhere to compliance protocols. Nonetheless, sometimes that’s the routine we get caught in, isn’t it? We do it just because we have to, but we don’t leverage the findings from the tests to better secure our business. Well, today’s the day we start leveraging and seeing the true value behind penetration testing. Take a...

Blog

Best Practices for Red Teams, Blue Teams, Purple Teams

Thu, 05/21/2020

Get the Most Out of Your Red Team

Video

How to Get a Grip on Managing Identity Chaos

Thu, 05/21/2020

Mitigating access-related risks and managing identity chaos seems nearly impossible in today’s complex business environment. Companies today are tasked with supporting countless devices, applications, and systems with access to key data, and face increasing demands from the business, from industry mandates, and from regulatory compliance. Security teams find themselves struggling to do more with...

Video

Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome

Thu, 05/21/2020

Traditional security operations often mean pitting the red team--which focuses on hacking and penetration testing to uncover weakness--against the more defensive stance of the blue team. With daily news of breaches and attacks, its critical to examine these techniques and see if new or supplemental approaches are needed. Cybersecurity experts will talk about when and how to go purple by merging...

Blog

Penetration Testing: Breaking in to Keep Others Out

Thu, 05/21/2020

What is Penetration Testing? Penetration testing is a direct test of an application, a device, a website, an organization, and even the people that work at an organization. It first involves attempting to identify and then attempting to exploit different security weaknesses that can be found in these various areas. Breaking into Your Own House It might be helpful to think of penetration testing...

Blog

Who to Have a Part of Your Red Team

Thu, 05/21/2020

Red Team Basics The SANS definition of a Red Team is, “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.” A Red Team should be formed with the intention of identifying and assessing vulnerabilities, testing assumptions, viewing alternate options for attack and revealing the limitations and risks...

Datasheet

Fortra Penetration Testing Services

Trusted by clients for more than 35 years, the services team at Fortra is composed of experienced, certified cybersecurity professionals who deliver security assessments and testing services. Our expert-led penetration tests use the latest ethical hacking tactics to find security gaps and potential attack paths, helping you shore up weaknesses and adhere to compliance standards. Select the...

Guide

Doing Financial Services Identity Governance & Privileged Access Management Right

Financial Services Organizations Face Extraordinary Challenges in a Dynamic, Complex Landscape During the last two decades, the financial services sector has experienced increasing cybersecurity threats, data breaches, and cyberattacks. In fact, financial services companies are 300 times more likely than organizations in other sectors to experience cyberattacks. Financial services organizations...

Datasheet

Core Access

Product Overview Core Access is a centralized access request management solution that simplifies the access request and approval process in your organization, all within a single interface. Using a shopping cart approach, Core Access provides a convenient web portal where end users and managers can request access and managers or application owners can review, approve, or deny access. Plus...

Datasheet

Core PDNS

By mapping the current and historical activity of domains and IPs, Core’s Passive DNS (PDNS) provides Incident Response, Fraud, and Security Operation Center teams the richest source of contextual, factual DNS activity data to investigate, mitigate, and protect against cyber threats. Core’s PDNS database is the industry’s largest, mapping 93 billion domains to IPs with trillions of DNS queries...

Datasheet

Event Manager

Turn Cybersecurity Data into Insight in Real-Time Event Manager is a cybersecurity insight and response platform that ensures critical events get the attention they require. Events are translated into an easy-to-interpret format, and critical events are separated from the noise in real time. This enables security analysts to act quickly and decisively, even without specialized knowledge of every...

Datasheet

Secure and Convenient Password Reset

Ineffective password management is a significant burden to organizations, resulting in increased costs and security vulnerabilities. But companies that use a strong self-service password management solution can decrease service desk call volume by up to 80 percent. Core Security provides a complete, integrated solution for secure telephone-based password resets. Core Password and Secure Reset...

Datasheet

Core Impact

Solution and Vendor Background Core Impact is the most comprehensive multi-vector solution for assessing and testing security vulnerabilities throughout your organization. Leveraging commercial-grade exploits, users can take security testing to the next level when assessing and validating security vulnerabilities. Core Impact is a product that is built and supported by Core Security, a Fortra...

Datasheet

Core Privileged Access Manager (BoKS)

Centralized Linux and UNIX Access Management for On-Premises and Cloud Environment Core Privileged Access Manager (BoKS) transforms your multi-vendor Linux and UNIX server environment into one centrally managed security domain. BoKS simplifies your ability to enforce security policies and features a simple configuration framework for streamlined, robust administration. Easily control access to...

Datasheet

Core Compliance

Identity and access management has become a complex Big Data problem for IT departments. The world of users, identities and access creates a continual demand for identity and access changes throughout the organization as employees move from new hire status to transfer, promotion and termination. So what happens when the auditors come in for access certification reviews? Are you sure your...

Datasheet

Core Provisioning

Provisioning is Core Security’s user provisioning solution for organizations seeking to improve alignment with business goals; cut costs; enforce compliance with internal security policies, industry standards and government regulations; and reduce the risk of security incidents. Part of Core Security’s Enterprise Suite of products, Core Provisioning delivers these benefits by accelerating the...

Datasheet

Core Impact

Core Impact empowers organizations to proactively minimize risk and protect critical assets by using the same techniques as today’s threat actors to assess their infrastructure’s security posture. This powerful platform provides a unified environment for managing all phases of the penetration testing process, from reconnaissance to reporting. Intuitive User Interface Core Impact features a...

Article

How to Phish with Core Impact

Core Impact 18.1 release brought a ton of streamlined enhancements and new capabilities to the client-side vector in general, and phishing in particular. To be clear on terms, I consider phishing to be inducing a target to follow a link presented in an email for the purposes of capturing credentials for some system or another. Using an email to get a user to overtly run a compromised attachment...

Article

Making something out of Zeros: Alternative primitive for Windows Kernel Exploitation

While working on the NVIDIA DxgDdiEscape Handler exploit, it became obvious that The GDI primitives approach discussed the last couple of years would be of no help to reliably exploit this vulnerability. So we came up with another solution: We could map some specially chosen virtual addresses...

Article

The Unpatched LSASS Remote Denial of Service (MS16-137)

In November 8, 2016 Microsoft released a security update for Windows Authentication Methods (MS16-137) which included 3 CVEs: Virtual Secure Mode Information Disclosure Vulnerability CVE-2016-7220 Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2016-7237 Windows NTLM Elevation of Privilege Vulnerability CVE-2016-7238 Talking specifically about CVE-2016-7237, this‚Ä¶

How You Can Benefit From Penetration Tests

Best Practices for Red Teams, Blue Teams, Purple Teams

How to Get a Grip on Managing Identity Chaos

Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome

Penetration Testing: Breaking in to Keep Others Out

Who to Have a Part of Your Red Team

Fortra Penetration Testing Services

Doing Financial Services Identity Governance & Privileged Access Management Right

Core Access

Core PDNS

Event Manager

Secure and Convenient Password Reset

Core Impact

Core Privileged Access Manager (BoKS)

Core Compliance

Core Provisioning

Core Impact

How to Phish with Core Impact

Making something out of Zeros: Alternative primitive for Windows Kernel Exploitation

The Unpatched LSASS Remote Denial of Service (MS16-137)

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum