Resources

Article

Reversing and Exploiting with Free Tools: Part 14

In part 13, we analyzed and adapted the RESOLVER for 64 bits. In this part, we’ll discuss how to analyze the difficulty of creating a ROP depending on the scenario. As we have seen in the previous tutorials, the difficulty of creating a ROP can vary depending on the circumstances and characteristics of the vulnerability. The four questions we have previously introduced also help us discover the...
Blog

Active Directory Attack Scenarios: The Path from Printer to Domain Admin

Active Directory is an essential application within an organization, facilitating and centralizing network management through domain, user, and object creation, as well as authentication and authorization of users. Active Directory also serves as a database, storing usernames, passwords, permissions, and more. Active Directory is a perfect example of a technological double-edged sword. While such...
Blog

Common Security Concerns and How to Reduce Your Risk

What common security risks/entry points are you most concerned about? In our 2024 Pen Testing Survey we asked what common security risks concerned respondents most. While phishing (80%) and ransomware (72%) were the top concerns, other options had a high enough percentage to warrant further discussion. These included:

• Misconfiguration
• Poor passwords
• Lack of patching
• Orphaned...
Blog

Penetration Testing for Regulatory Compliance

According to the 2023 Pen Testing Report, 93% of cybersecurity professionals reported pen testing was at least somewhat important for their compliance initiatives. Why is pen testing a key component of compliance initiatives, and what is the best strategy for meeting this requirement?
Blog

4 Steps to Take Following a Pen Test

Congratulations! You’ve just completed a penetration test. So what now? A pen test shouldn’t represent the pinnacle of your security efforts. Rather, the test validates what your organization is doing right and highlights areas for improvement. Even if the test showed that it was possible to gain administrative access and move laterally through your network, this doesn’t mean you have “failed.”...
Article

Creating Processes Using System Calls

When we think about EDR or AV evasion, one of the most widespread methods adopted by offensive teams is the use of system calls (syscalls) to carry out specific actions. This technique is so common and effective simply because most AVs/EDR have userland hooks to track and intercept requests userland processes make. However, we found that a key userland API, CreateProcess, is still extensively used...
Blog

Going on the Offensive: Federal Agencies Must Move from a Reactive to Proactive Security Approach 

Modern threat actors and the condition of today’s threat landscape are forcing the collective hand of cybersecurity to go on the offensive -- and federal agencies are no exception. As cyber attackers grow increasingly adept at identifying and exploiting infrastructure weaknesses, they will opt for the path of least resistance. Therefore, agencies with a security posture that goes beyond...
Blog

Core Impact Helps Secure PCI DSS v4.0 Requirement 11

The Payment Card Industry Data Security Standard (PCI DSS) creates policies and procedures for networks, systems, and other payment card processing equipment in order to reduce credit card fraud. It includes 12 main provisions that must be adhered to not only to stay compliant, but to build and maintain a strong security posture that protects sensitive financial data. Requirement 11 is of...
Blog

Core Impact Updates: Python Agents and OWASP Top 10

Though we have a new release planned for later this year, we’ve made some updates to Core Impact that we just couldn’t wait to release and share! First, we have a new agent written in Python to expand its use to different environments and further enhance its flexibility. Additionally, we’re staying on top of the latest threats by updating to the latest OWASP Top 10 list, making web application...
Article

Analysis of CVE-2022-30136 “Windows Network File System Vulnerability”

I wanted to write this article to demonstrate the analysis I did while developing the Core Impact exploit “Windows Network File System Remote” that abuses the CVE-2022-30136 vulnerability.

1) The Vulnerability

The Windows Network File System Remote Code Execution vulnerability is a size calculation error that occurs when creating the server response in a COMPOUND REQUEST using version 4.1 of NFS....
Video

Adopting a Proactive Approach to Federal Cybersecurity

Cyber criminals focus on the easiest targets, which often are federal agencies. A recent White House Executive Order on cybersecurity puts renewed focus squarely on securing federal network infrastructure. The order promotes, among other things, modernizing federal cybersecurity, improving detection of vulnerabilities and incidents, and moving toward a Zero Trust security model. But where do...
Datasheet

Essentials Bundle – Fortra VM and Core Impact

Fortra Vulnerability Management (formerly Frontline VM™) and Core Impact offer distinct but complementary approaches to infrastructure security. Fortra VM, a SaaS-based vulnerability management platform, specializes in intelligent network scanning and vulnerability prioritization. Core Impact, an automated penetration testing tool, focuses on simulating the exploitation of vulnerabilities and...
Datasheet

Offensive Security - Elite Bundle

Fortra’s Elite Offensive Security Bundle is comprised of three distinct enterprise-grade tools: Fortra VM scans networks for vulnerabilities, Core Impact pen tests exploitation paths and lateral movement, and Cobalt Strike simulates advanced adversary tactics for Red Team operations. Ideal for proactive security testing, each solution excels independently while uniting effectively to serve...
Video

The Critical Next Steps After a Pen Test

You’ve completed a pen test and, not surprisingly, the offensive security exercise turned up multiple weak points and exploitable vulnerabilities across your enterprise environment. Now what? How do you ensure your pen test results are actionable and that you get the support from leadership to act on the findings? How do you assess the risk and threat level of each discovered issue and create...
Guide

A Proactive Approach to Federal Cybersecurity

Cyber criminals focus on the easiest targets, which often are federal agencies. A recent White House Executive Order on cybersecurity puts renewed focus squarely on securing federal network infrastructure, which means federal agencies must step up their security games, complying with both existing and emerging regulations related to information security. Among other things, the order promotes...
Video

Total Vulnerability Management: Securing Both Networks and Applications

To secure your organization effectively, you need to manage vulnerabilities in both your networks and applications. This requires a strategic approach to vulnerability management that looks at everything from application code to systems integrations. In this session, we will discuss vital steps in managing vulnerabilities and share which types of tools are best for each task. Included in this...
Video

Proactive Cybersecurity - The One Place Where "You're Being Offensive" is a Compliment

Cyber attackers are often portrayed as evil masterminds, but the truth is, most attackers are looking for the simplest wins. So what’s the best way to reduce your risk against threat actors? In addition to having reactive solutions and processes in place, organizations should also take a proactive approach, placing as many obstacles in an attacker’s way to make it too labor intensive to bother...
Blog

Are You Ready for a Penetration Test?

The phrase “you’ve got to walk before you can run” is something that we’ve all heard and rolled our eyes at least once in our lives after we’ve attempted an advanced skill before mastering the basics. The saying is unfortunately very accurate when it comes to cybersecurity. Maturing your vulnerability management program is a process that must be done thoughtfully, ensuring you have a proper...
Video

Getting Inside the Mind of an Attacker: Active Directory Attack Scenarios

Active Directory is often considered the holy grail for cyber attackers, and for good reason. Once they have control of this critical asset, they essentially have the keys to the kingdom and can easily access, create, or modify any of the main accounts, including trust relationships and domain security policies. Despite best efforts and intentions, Active Directory may be far more at risk than we...