Resources

External Attacks on Active Directory
Video

Getting Inside the Mind of an Attacker: Active Directory Attack Scenarios

Thu, 05/26/2022
Active Directory is often considered the holy grail for cyber attackers, and for good reason. Once they have control of this critical asset, they essentially have the keys to the kingdom and can easily access, create, or modify any of the main accounts, including trust relationships and domain security policies. Despite best efforts and intentions, Active Directory may be far more at risk than we...
Building a Proactive Security Strategy
Video

Building a Proactive Security Strategy

Sat, 05/21/2022
Advancing your vulnerability management programme may be a journey, but it is a journey well worth taking and cannot be done overnight. As your programme matures the better your organisation can avoid costly attacks and breaches that may harm your business and reputation. Learn how a proactive cybersecurity program can be a game changer for an organisation's success through continuously assessing...
Penetration Testing
ransomware simulator
Blog

Core Impact Introduces Ransomware Simulation

By Pablo Zurro on Fri, 05/20/2022
Once upon a time, it was often necessary to define the term “ransomware” as it was frequently met with questioning looks and the need for clarification. Nowadays, you can hardly go a day without hearing about some sort of attack. What has made ransomware such a pervasive threat, and how can organizations learn to better protect themselves? In this blog, we’ll discuss why so many are worried about...
Penetration Testing
Article

Core Impact Issues Latest Exploit for F5 BIG-IP iControl REST Vulnerability

The F5 BIG-IP iControl REST vulnerability, a critical authentication bypass vulnerability that leads to unauthenticated remote code execution, is quite simple to exploit and provides an attacker with a method to execute arbitrary system commands as root. In this blog, we’ll explore exactly what this vulnerability is and how Core Impact can help you quickly uncover and exploit it during a...
Penetration Testing
What is OWASP
Blog

What is OWASP?

Tue, 05/03/2022
The cybersecurity world has so many acronyms, and yet we pretend to know what all of them are. However, there are many occasions that leave us wracking our brains, trying to remember what one stands for. Is it a product? An organization? A process? One acronym that everyone should know is OWASP—the Open Web Application Security Project. OWASP is a vital non-profit that works to improve software...
Penetration Testing
Achieve SIEM Success
Blog

Overcome These 3 Challenges to Achieve SIEM Success

By Pablo Zurro on Tue, 05/03/2022
Security Information and Event Management (SIEM) solutions can take much of the tedium and guesswork out of monitoring, managing, and prioritizing critical security events. That’s why increasing numbers of cybersecurity professionals are embracing SIEM. In the 2022 SIEM Report from Cybersecurity Insiders, 80% of cybersecurity professionals consider SIEM to be very important or extremely important...
SIEM
Guide

2022 SIEM Report

Security Information and Event Management (SIEM) solutions help organizations like yours centralize security protocols through effective security event management. SIEM solutions collect, aggregate, and analyze log and event data from various IT systems, creating reports on suspicious activity to monitor the health of the IT environment. The 2022...
SIEM
ransomware simulator
Video

Keeping Security SIEM-ple: 2022 Survey Results Revealed

Thu, 04/21/2022
With the dizzying number of systems, applications, and devices used in today’s organizations, constant data streams leave security professionals poring over endless security event alerts. Security Information and Event Management (SIEM) solutions aim to simplify the chaos by monitoring data sources for unusual activity to help identify and escalate critical security events. According to the 2022...
SIEM
Article

Proof of Concept: CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability

In this blogpost, we’ll briefly describe how we developed a DoS module for CVE-2022-21907. Instead of viewing it in a result-oriented way, we’ll approach it from a research standpoint, describing the process of developing this module for Core Impact. On Jan 11th 2022 Microsoft released a Security Update for a RCE vulnerability (CVE-2022-21907) in http.sys. According to Microsoft, this...
Article

Reversing and Exploiting with Free Tools: Part 13

In part 12, we completed the ROP bypass of the DEP in 64 bits. In this part, we’ll analyze and adapt the RESOLVER for 64 bits. Resolution of the 64-Bit Exercise As a quick point of clarification, the shellcode is not mine. However, it is quite public, so it was simply adapted for this example. Complete Solution Script Just to mix things up a bit, let’s start out by looking at the complete...
The Importance of Penetration Testing for Cloud Infrastructures
Blog

The Importance of Penetration Testing for Cloud Infrastructures

Thu, 04/07/2022
With cybersecurity threats perpetually looming, many organizations have come to rely on penetration testing to assess their security stance and uncover weaknesses. According to the 2023 Pen Testing Report, 86% of respondents reported they pen test at least once a year. But are security teams testing every aspect of their IT infrastructure? Internal and external network penetration tests...
Penetration Testing
Pen Testing in Different Environments
Blog

Pen Testing in Different Environments

Thu, 04/07/2022
As security threats persist, cybersecurity professionals are increasingly relying on penetration testing to uncover weaknesses and assess their security stance. According to the 2023 Pen Testing Report, 94% of respondents reported pen testing was at least somewhat important to their security posture. Organizations use a variety of methods to conduct such tests, using pen testing services, in-house...
Penetration Testing
Upcoming Webinar or Event

Get Custom Pricing for the Offensive Security - Advanced Bundle

Advanced Bundle Overview Swiftly advance your cybersecurity program with this security testing bundle that features both an advanced penetration testing tool, Core Impact, and Cobalt Strike, threat emulation software intended for advanced adversary simulation and Red Team engagements. While Core Impact and Cobalt Strike enable a proactive approach to security individually, they are even more...
2022 Pen Testing Report
Video

The Practice of Pen Testing: 2022 Survey Results Revealed

Tue, 03/22/2022
It seemed like all the challenges of 2020 carried over into 2021, and cybersecurity was no exception. Threat actors appeared to outpace every industry with staggering numbers of cyber-attacks, perhaps most notably with the perpetual uptick in ransomware attacks and the Log4j zero-day vulnerability. It was a year in which many organizations learned the importance of proactive cybersecurity,...
Why It’s Not Core Impact vs. Core Impact
Blog

Why It’s Not Core Impact vs. Cobalt Strike

Tue, 03/15/2022
Making a decision on a new cybersecurity tool is never easy—particularly when it’s unclear how rival products compare. It’s tempting to simply type “product vs. product” into Google and see if one stands out as the clear favorite. However, sometimes you can find that two products have been mistakenly grouped together and aren’t actually in competition, but rather, they are in separate categories....
Penetration Testing
Red Team
Article

Analysis of CVE-2022-21882 "Win32k Window Object Type Confusion Exploit"

I wanted to write this blog to show the analysis I did in the context of developing the Core Impact exploit “Win32k Window Object Type Confusion” that abuses the CVE-2022-21882 vulnerability. It’s based on the existing Proof of Concept (POC), which is both interesting and quite complex. It may be difficult to understand everything that is happening by just reading the blogpost. I encourage readers...
Incorporating New Tools into Core Impact
Blog

Incorporating New Tools into Core Impact

Mon, 02/21/2022
Core Impact has further enhanced the pen testing process with the introduction of two new modules. The first module enables the use of .NET assemblies, while the second module provides the ability to use BloodHound, a data analysis tool that uncovers hidden relationships within an Active Directory (AD) environment. In this blog, we’ll dive into how Core Impact users can put these new modules into...
Penetration Testing
SIEM for SMB
Blog

4 Ways to Use SIEM for SMB

Tue, 02/08/2022
Security Information and Event Management (SIEM) solutions are often seen as a necessity only for large enterprises with massive environments to monitor for security threats. While this may have been true over a decade ago, in the early days of SIEM. Since then organizational IT infrastructures have become increasingly multifaceted, and the threat landscape continues to evolve. These days, small...
SIEM
Article

Reversing and Exploiting with Free Tools: Part 12

In part 11, we completed the ROP bypass of the DEP. In this part, we’ll begin our first exercise compiled in 64 bits. Before beginning, we’ll go over a few concepts in detail, because this exercise requires a new frame of reference. While the base is the same, it’s important to know the differences between 32 and 64 bits in order to be successful in reversing. Starting with 64 bits We’ve already...