Resources
Video

Cobalt Strike Introduction and Demo

Tue, 10/24/2023
Cobalt Strike helps organizations conduct advanced adversary simulations and Red Team engagements with ease, allowing your organization to effectively measure your security operations program and incident response capabilities.This on-demand Cobalt Strike demo includes a guided walkthrough of using Cobalt Strike in a small cyber range. The demo touches on several security topics to help...
Red Team
Article

Impacket Updates: We Love Playing With Tickets

After the latest Impacket release, we have continued the process of integrating functionality submitted during the gap between the 0.10 and 0.11 releases. In this blog, we will highlight three items that were in our backlog during that period, which are now in the process of being fully implemented into the tool. All of them are related to kerberos functionality. ...
Datasheet

Wireless Network Pen Testing

Wireless Penetration Testing Wireless networks are appealing attack targets since they don’t require an attacker to be in the physical building, only in the vicinity. While it’s challenging to prevent wireless network attacks, there are some proactive measures you can take to make it harder for cybercriminals to succeed, including penetration testing. Our wireless penetration testing methodology...
Core Security blog thumbnail
Blog

Best Security Practices for Digital Banking

Thu, 09/14/2023
Online banking is nearly universal in 2023. No more long lines at the credit union, late-night ATM trips, or waiting for a check to be cashed. Digital banking has revolutionized the financial industry and the way we do business as a whole. However, it has also indelibly increased the risk of cyberattacks, social engineering scams, and online compromise to the financial community. Here are some...
Offensive Cybersecurity
Core Security blog thumbnail
Blog

Accelerating Security Maturity with Fortra Bundles

Mon, 08/21/2023
In The Importance of Layering Offensive Security Solutions, Fortra experts underscore the advantage of developing a single source offensive security tooling portfolio. Read on to find out the necessary ingredients for a proactive strategy and why Fortra’s ability to combine and maximize solutions optimizes security and produces the most effective outcomes. The Five Elements of an Offensive...
Offensive Cybersecurity
blog article thumbnail
Blog

Cybersecurity Heats Up in the Summer

Mon, 08/14/2023
When school is out for summer, it seems like everyone is on vacation – everyone except your (un)friendly neighborhood cybercriminals. Something about the summer months puts us off our guard and threat actors on high alert. The only way to stay safe is to know what’s causing the trouble in the first place. We’ve packed our sunscreen – now read on to find out how to make sure your security also...
Offensive Cybersecurity
Article

Getting Physical: Extreme abuse of Intel based Paging Systems - Part 1

Hi, After Enrique Elias Nissim (@kiqueNissim) and I presented "Getting Physical: Extreme abuse of Intel based Paging Systems" at CanSecWest2016, I decided to write a series of blog posts explaining in detail what we presented and show what we couldn't in a full time talk (50 minutes of presentation is a lot but not in this case !). The idea of these blog posts is to explain how the Windows/Linux...
blog article thumbnail
Blog

Standardizing Red Teaming for the Financial Sector with the TIBER EU Framework

Tue, 08/08/2023
Cyber attacks may not have been around when Ben Franklin said, “By failing to prepare, you are preparing to fail,” but it has become an appropriate cybersecurity principle, nonetheless. So what does preparation involve and how are organizations ensuring that is integrated into their security strategy? One example is the TIBER EU Framework, a set of standardized red teaming procedures designed for...
Offensive Cybersecurity
Article

Impacket v0.11.0 Now Available

We are thrilled to announce a new version of Impacket! After months of hard work and dedication, Impacket v0.11.0 is now available and has a bunch of new and exciting features. We can’t wait for you to explore and enjoy the added capabilities that come with this version! Let’s take a look at everything new included in this release. What’s New in Impacket v0.11.0? Long Live the Golden Tickets In...
Datasheet

Offensive Security Bundles & Suites from Fortra

To stay ahead of cyber threats, organizations must anticipate attacks and eliminate weaknesses before they are exploited. This requires offensive security tactics delivered by an effective set of proactive tools that include pen testing, red teaming and vulnerability management. With our bundle and suite offerings, we simplify the process of assembling a layered offensive security stack by...
Offensive Cybersecurity
Video

Bundling Up: The Importance of Layering Offensive Security Solutions

How can we do more with less? It’s a question all cybersecurity teams are asking themselves as they are confronted with more attacks and fewer resources. A proactive strategy that layers offensive security solutions like vulnerability management, pen testing, and red teaming can give your team the capabilities and efficiency it needs to identify threats and protect your critical assets. In this...
Offensive Cybersecurity
blog article thumbnail
Blog

Underestimating the Why of Ransomware

Tue, 07/18/2023
Organized ransomware isn’t slowing down – in fact, a group just discovered a month ago is already responsible for dozens of attacks – and they are experts at discovering weaknesses we miss. With so many sophisticated new security tools and so much stack investment, how do we continue to play catch-up to roving ransomware groups? Because the reality is, we’re all prone to making mistakes. The 2023...
Offensive Cybersecurity
Article

Analysis of CVE-2023-28252 CLFS Vulnerability

Recently, the Nokoyawa ransomware group, which has been active since In February 2022, was found to be exploiting a Windows zero-day vulnerability in one of its attacks. This vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. In April 2023, Microsoft released a patch for this...
blog article thumbnail
Blog

Prioritizing Cybersecurity During Organizational Change

Thu, 06/22/2023
The times, they are a changin', as Bob Dylan would say. It's a time of a lot of global change, leading to dramatic shifts in different industries. Organizations have to be agile and change along with it, all while keeping cybersecurity top of mind. New changes mean new attack vectors One thing that comes with new changes are new attack vectors. That's why organizations need to stay vigilant during...
Offensive Cybersecurity
Penetration Testing
Video

Prioritizing Blue Team Success Over Red Team Wins

Wed, 06/21/2023
Though red teaming is sometimes perceived as pen testing with the gloves off, in reality, the goal of these engagements isn’t to prove how much damage these skilled testers can do. Modern red teams must set out to provide learning opportunities for organizations and their blue teams, running attack simulations to help teach them how to better protect their infrastructure against real-world attacks...
blog article thumbnail
Blog

Three Reasons Why Organizations Should Always Retest After an Initial Pen Test

Wed, 06/07/2023
What’s the point of establishing a baseline if you don’t intend to track your progress? When organizations only run an initial pen test, they are only getting half the picture. A pen test is used to give a business a baseline idea of how well their systems would stack up against hackers who wanted to exploit vulnerabilities. Once the results are delivered, it’s up to the team to implement those...
Offensive Cybersecurity
Penetration Testing
blog article thumbnail
Blog

Active Directory Attack Paths Discovery: Leverage the Power of BloodHound Within Core Impact

By Pablo Zurro on Wed, 05/31/2023
Some time ago, Core Impact added a module that supports the use BloodHound, a data analysis tool that uncovers hidden relationships within an Active Directory (AD) environment. This module enabled the collection of Active Directory information through the Agent using SharpHound. Additional modules have now been added to allow Core Impact users to further utilize Bloodhound. In this blog, we’ll...
Offensive Cybersecurity
Penetration Testing
blog article thumbnail
Blog

The Danger of Overconfidence in Cybersecurity

Thu, 05/25/2023
There’s something positive about a healthy degree of fear. It lets us understand our own limitations, heightens our senses, and keeps us alive. The tendency to err on the side of caution was called out in our recent 2023 Penetration Testing Report as a smart practice when it comes to cybersecurity. In fact, though security professionals reported less confidence in their security posture, this loss...
Offensive Cybersecurity
Penetration Testing
blog article thumbnail
Blog

Upskilling and Reskilling Your IT Team With User Friendly Offensive Security Tools

Thu, 05/18/2023
As cybersecurity needs continue to rise, it’s no secret that organizations are having to do more with less. In any given company one can find modern-day use of the old adage, “Patch it up, wear it out, make it do or do without.” That make it do part is exactly what upskilling and reskilling is all about. As companies respond to growing threat appetites with fewer qualified personnel in the job...
Offensive Cybersecurity
Penetration Testing
Datasheet

Offensive Security Suite

Fortra’s Offensive Security Suite is comprised of three distinct enterprise-grade tools: Core Impact tests exploitation paths and lateral movement, Cobalt Strike enables advanced adversary tactics for Red Team operations, and OST provides a broad arsenal for evasive attack simulation. Additionally, this suite provides exclusive Cobalt Strike Research Labs access plus operator training. Ideal for...
Offensive Cybersecurity
Penetration Testing
Red Team