Resources

Core Impact Helps Secure PCI DSS
Blog

Core Impact Helps Secure PCI DSS v4.0 Requirement 11

Tue, 07/26/2022
The Payment Card Industry Data Security Standard (PCI DSS) creates policies and procedures for networks, systems, and other payment card processing equipment in order to reduce credit card fraud. It includes 12 main provisions that must be adhered to not only to stay compliant, but to build and maintain a strong security posture that protects sensitive financial data.Requirement 11 is of...
Compliance
python agent
Blog

Core Impact Updates: Python Agents and OWASP Top 10

Wed, 07/20/2022
Though we have a new release planned for later this year, we’ve made some updates to Core Impact that we just couldn’t wait to release and share! First, we have a new agent written in Python to expand its use to different environments and further enhance its flexibility. Additionally, we’re staying on top of the latest threats by updating to the latest OWASP Top 10 list, making web application...
Penetration Testing
Article

Analysis of CVE-2022-30136 “Windows Network File System Vulnerability“

I wanted to write this article to demonstrate the analysis I did while developing the Core Impact exploit “Windows Network File System Remote” that abuses the CVE-2022-30136 vulnerability. 1)The Vulnerability The Windows Network File System Remote Code Execution vulnerability is a size calculation error that occurs when creating the server response in a COMPOUND REQUEST using version 4.1 of NFS....
Video

Adopting a Proactive Approach to Federal Cybersecurity

Thu, 07/14/2022
Cyber criminals focus on the easiest targets, which often are federal agencies. A recent White House Executive Order on cybersecurity puts renewed focus squarely on securing federal network infrastructure. The order promotes, among other things, modernizing federal cybersecurity, improving detection of vulnerabilities and incidents, and moving toward a Zero Trust security model. But where do...
Penetration Testing
Datasheet

Essentials Bundle – Fortra VM and Core Impact

Fortra Vulnerability Management (formerly Frontline VM™) and Core Impact offer distinct but complementary approaches to infrastructure security. Fortra VM, a SaaS-based vulnerability management platform, specializes in intelligent network scanning and vulnerability prioritization. Core Impact, an automated penetration testing tool, focuses on simulating the exploitation of vulnerabilities and...
Penetration Testing
Datasheet

Offensive Security - Elite Bundle

Fortra’s Elite Offensive Security Bundle is comprised of three distinct enterprise-grade tools: Fortra VM scans networks for vulnerabilities, Core Impact pen tests exploitation paths and lateral movement, and Cobalt Strike simulates advanced adversary tactics for Red Team operations. Ideal for proactive security testing, each solution excels independently while uniting effectively to serve...
Video

The Critical Next Steps After a Pen Test

Fri, 06/17/2022
You’ve completed a pen test and, not surprisingly, the offensive security exercise turned up multiple weak points and exploitable vulnerabilities across your enterprise environment. Now what? How do you do ensure your pen test results are actionable and that you get the support from leadership to act on the findings? How do you assess the risk and threat level of each discovered issue and create...
Offensive Cybersecurity
Penetration Testing
Proactive Guide to Federal Cybersecurity thumbnail
Guide

A Proactive Approach to Federal Cybersecurity

Cyber criminals focus on the easiest targets, which often are federal agencies. A recent White House Executive Order on cybersecurity puts renewed focus squarely on securing federal network infrastructure, which means federal agencies must step up their security games, complying with both existing and emerging regulations related to information security. Among other things, the order promotes...
Penetration Testing
Red Team
Security shield with keyhole
Video

Total Vulnerability Management: Securing Both Networks and Applications

Mon, 06/06/2022
To secure your organization effectively, you need to manage vulnerabilities in both your networks and applications. This requires a strategic approach to vulnerability management that looks at everything from application code to systems integrations. In this session, we will discuss vital steps in managing vulnerabilities and share which types of tools are best for each task. Included in this...
Getting Inside the Mind of An Attacker Part One Thumbnail
Video

Proactive Cybersecurity - The One Place Where "You're Being Offensive" is a Compliment

Mon, 06/06/2022
Cyber attackers are often portrayed as evil masterminds, but the truth is, most attackers are looking for the simplest wins. So what’s the best way to reduce your risk against threat actors? In addition to having reactive solutions and processes in place, organizations should also take a proactive approach, placing as many obstacles in an attacker’s way to make it too labor intensive to bother...
Penetration Testing
Are you ready for a pen test
Blog

Are You Ready for a Penetration Test?

Thu, 05/26/2022
The phrase “you’ve got to walk before you can run” is something that we’ve all heard and rolled our eyes at least once in our lives after we’ve attempted an advanced skill before mastering the basics. The saying is unfortunately very accurate when it comes to cybersecurity. Maturing your vulnerability management program is a process that must be done thoughtfully, ensuring you have a proper...
Penetration Testing
External Attacks on Active Directory
Video

Getting Inside the Mind of an Attacker: Active Directory Attack Scenarios

Thu, 05/26/2022
Active Directory is often considered the holy grail for cyber attackers, and for good reason. Once they have control of this critical asset, they essentially have the keys to the kingdom and can easily access, create, or modify any of the main accounts, including trust relationships and domain security policies. Despite best efforts and intentions, Active Directory may be far more at risk than we...
Building a Proactive Security Strategy
Video

Building a Proactive Security Strategy

Sat, 05/21/2022
Advancing your vulnerability management programme may be a journey, but it is a journey well worth taking and cannot be done overnight. As your programme matures the better your organisation can avoid costly attacks and breaches that may harm your business and reputation. Learn how a proactive cybersecurity program can be a game changer for an organisation's success through continuously assessing...
Penetration Testing
ransomware simulator
Blog

Core Impact Introduces Ransomware Simulation

By Pablo Zurro on Fri, 05/20/2022
Once upon a time, it was often necessary to define the term “ransomware” as it was frequently met with questioning looks and the need for clarification. Nowadays, you can hardly go a day without hearing about some sort of attack. What has made ransomware such a pervasive threat, and how can organizations learn to better protect themselves? In this blog, we’ll discuss why so many are worried about...
Penetration Testing
Article

Core Impact Issues Latest Exploit for F5 BIG-IP iControl REST Vulnerability

The F5 BIG-IP iControl REST vulnerability, a critical authentication bypass vulnerability that leads to unauthenticated remote code execution, is quite simple to exploit and provides an attacker with a method to execute arbitrary system commands as root. In this blog, we’ll explore exactly what this vulnerability is and how Core Impact can help you quickly uncover and exploit it during a...
Penetration Testing
What is OWASP
Blog

What is OWASP?

Tue, 05/03/2022
The cybersecurity world has so many acronyms, and yet we pretend to know what all of them are. However, there are many occasions that leave us wracking our brains, trying to remember what one stands for. Is it a product? An organization? A process? One acronym that everyone should know is OWASP—the Open Web Application Security Project. OWASP is a vital non-profit that works to improve software...
Penetration Testing
Achieve SIEM Success
Blog

Overcome These 3 Challenges to Achieve SIEM Success

By Pablo Zurro on Tue, 05/03/2022
Security Information and Event Management (SIEM) solutions can take much of the tedium and guesswork out of monitoring, managing, and prioritizing critical security events. That’s why increasing numbers of cybersecurity professionals are embracing SIEM. In the 2022 SIEM Report from Cybersecurity Insiders, 80% of cybersecurity professionals consider SIEM to be very important or extremely important...
SIEM
Guide

2022 SIEM Report

Security Information and Event Management (SIEM) solutions help organizations like yours centralize security protocols through effective security event management. SIEM solutions collect, aggregate, and analyze log and event data from various IT systems, creating reports on suspicious activity to monitor the health of the IT environment. The 2022...
SIEM
ransomware simulator
Video

Keeping Security SIEM-ple: 2022 Survey Results Revealed

Thu, 04/21/2022
With the dizzying number of systems, applications, and devices used in today’s organizations, constant data streams leave security professionals poring over endless security event alerts. Security Information and Event Management (SIEM) solutions aim to simplify the chaos by monitoring data sources for unusual activity to help identify and escalate critical security events. According to the 2022...
SIEM
Article

Proof of Concept: CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability

In this blogpost, we’ll briefly describe how we developed a DoS module for CVE-2022-21907. Instead of viewing it in a result-oriented way, we’ll approach it from a research standpoint, describing the process of developing this module for Core Impact. On Jan 11th 2022 Microsoft released a Security Update for a RCE vulnerability (CVE-2022-21907) in http.sys. According to Microsoft, this...