Blog

The New Normal in Cybersecurity: Examining the Top Three 2021 Trends

The past year has shown organizations that uncertainty and a transformed reality are the new normal in business. While remote work was intended as a temporary response to the global pandemic, it is now considered a regular part of the business environment, fundamentally altering the way companies operate. This means organizations have had to respond in real time to shift their cybersecurity...
Article

Writing Beacon Object Files: Flexible, Stealthy, and Compatible

This post focuses on creating Cobalt Strike Beacon Object Files using the MinGW compiler on Linux. We will discuss several ideas and best practices that will increase the quality of your BOFs. Flexibility: Compiling to Both Object Files and Executables. While writing a BOF is great, it is always worth making the code compile to both a BOF and an EXE. This provides a lot more options: we could run our...
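As an added illustration of the dual-build idea in that teaser (this is example code written here, not code from the Core Security post), the single C file below compiles either as a Beacon Object File with `-DBOF` or as a plain executable without it. The file name `target_info.c`, the helper names `parse_port`, `classify_port` and `run`, and the `bof_pack "zz"` argument layout are this example's own assumptions; `BeaconPrintf`, `BeaconDataParse`, `BeaconDataExtract`, `datap` and the `go` entry point are the real Beacon API from Cobalt Strike's `beacon.h`. The shared logic avoids every CRT call on purpose, so it links into the BOF without dynamic function resolution and still runs unchanged in the EXE.

```c
/*
 * Added example (not code from the Core Security post): one source file that
 * builds either as a Cobalt Strike BOF or as an ordinary executable.
 *
 *   BOF:  x86_64-w64-mingw32-gcc -c -DBOF -o target_info.x64.o target_info.c
 *   EXE:  gcc -o target_info target_info.c      (any C compiler, any OS)
 *
 * The shared logic deliberately uses no CRT functions, so it links cleanly
 * into the BOF (no libc there without dynamic function resolution) and into
 * the EXE.  parse_port(), classify_port() and run() are names chosen for this
 * example, not the post's.
 */
#include <stddef.h>

#ifdef BOF
#include "beacon.h"               /* Cobalt Strike's Beacon API header */
#define PRINT(...) BeaconPrintf(CALLBACK_OUTPUT, __VA_ARGS__)
#else
#include <stdio.h>
#define PRINT(...) printf(__VA_ARGS__)
#endif

/* Parse a decimal port string without libc.  Returns -1 when the string is
 * NULL or empty, contains a non-digit, or is outside 1..65535. */
int parse_port(const char *s)
{
    long v = 0;
    if (s == NULL || *s == '\0')
        return -1;
    for (; *s; s++) {
        if (*s < '0' || *s > '9')
            return -1;
        v = v * 10 + (*s - '0');
        if (v > 65535)
            return -1;
    }
    return v == 0 ? -1 : (int)v;
}

/* Map a few well-known ports to a service label; "unknown" otherwise. */
const char *classify_port(int port)
{
    switch (port) {
    case 22:   return "ssh";
    case 80:   return "http";
    case 443:  return "https";
    case 445:  return "smb";
    case 3389: return "rdp";
    default:   return "unknown";
    }
}

/* Core of the tool, identical in both builds.  Returns 0 on success and 1 on
 * a bad port, so the EXE can use it as an exit code and the BOF can report it. */
int run(const char *host, const char *port_str)
{
    int port = parse_port(port_str);
    if (port < 0) {
        PRINT("[-] invalid port '%s'\n", port_str ? port_str : "");
        return 1;
    }
    PRINT("[+] %s:%d -> %s\n", host, port, classify_port(port));
    return 0;
}

#ifdef BOF
/* Beacon entry point.  Arguments arrive packed by the aggressor script
 * (assumed here: bof_pack "zz" $host $port), so unpack them with the API. */
void go(char *args, int len)
{
    datap parser;
    BeaconDataParse(&parser, args, len);
    char *host = BeaconDataExtract(&parser, NULL);
    char *port = BeaconDataExtract(&parser, NULL);
    run(host, port);
}
#else
/* Stand-alone entry point: the same logic driven from argv. */
int main(int argc, char **argv)
{
    if (argc != 3) {
        PRINT("usage: %s <host> <port>\n", argv[0]);
        return 2;
    }
    return run(argv[1], argv[2]);
}
#endif
```

Keeping the BOF-only code behind `#ifdef BOF` and routing all output through one `PRINT` macro is what makes the EXE build worthwhile: the same `run()` can be debugged under gdb, fuzzed, or unit-tested on the operator's machine before it is ever loaded into a Beacon, where a crash would cost the session.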
Article

Core Impact Issues Latest Exploit for Log4Shell Vulnerability

The Log4Shell vulnerability, a serious remote code execution vulnerability in the Apache Log4j2 library, is one of the best candidates for winning several Pwnie awards in 2022. What is the Log4Shell Vulnerability? CVE-2021-44228 is an improper input validation vulnerability (CWE-20). Any attacker who controls log messages or log message parameters is able to execute arbitrary code loaded from LDAP...
Video

Cybersecurity in a Changed World: 2021 Trends and 2022 Predictions

If 2020 seemed like an anomaly, 2021 proved to us that it’s time to get comfortable with the transformed reality. Remote work, intended as a temporary response to COVID-19, is now an increasingly standardized way to operate. With face-to-face operations no longer the norm, numerous organizations have shifted to a technology-driven strategy. We’ve seen a rise in initiatives like self-service or...
Blog

What is the MITRE ATT&CK® Framework?

The MITRE ATT&CK Framework was created in 2013 to document, in one comprehensive knowledge base, the tactics, techniques, and procedures that cyber attackers were regularly using to breach the defenses of individuals and organizations. Since then, it has grown into a global knowledge base that has helped to standardize defensive security and remains accessible to all security professionals. This framework...
Blog

Reflections on Ekoparty 2021

Ekoparty began as an underground hacking event, but has grown into one of the foremost cybersecurity conferences in Latin America. This year was the 20th anniversary of the incredible infosec event, which takes place every year in Buenos Aires. In order to discover insights from this year’s conference, we talked with two experts from Core Security who attended, and also served as trainers at the...
Video

Core Impact 21.2 Overview

We’re pleased to announce a new release of Core Impact! Version 21.2 introduces support for the MITRE ATT&CK™ framework, a matrix of attack tactics and techniques that serves as a reference for cybersecurity professionals and has become a standard in defensive security. Core Impact users can now create MITRE ATT&CK™ reports to classify engagement results according to the matrix, and gain further insight...
Blog

Core Impact 21.2: Incorporating the MITRE ATT&CK™ Framework and Attack Map Enhancements

The latest release of Core Impact has arrived! Version 21.2 underscores our alignment with the cybersecurity community, incorporating the MITRE ATT&CK™ framework to provide further insights into security weaknesses. We’ve also added additional features to Core Impact’s attack map, making the penetration testing process even more intuitive. The MITRE...
Blog

Five Critical Access Risks You Should Find Before an Audit Does

Like a lot of organizations today, your company is facing increasing demands to support and protect countless systems, applications, and platforms that contain sensitive business data by controlling access to this critical information. On top of this, you are pressured to meet ongoing regulatory compliance and industry mandates. Nearly every industry today has specific regulatory requirements and...
Article

Nanodump: A Red Team Approach to Minidumps

Motivation It is known that dumping Windows credentials is a technique often utilized for everyday attacks by adversaries and, consequently, Red Teamers. This process has been out there for several years and is well documented by MITRE under the T1003.001 technique. Sometimes, when conducting a Red Team engagement, there may be some limitations when trying to go beyond the early detection of this...
Video

A Secure Alliance: How Vulnerability Management and Penetration Testing Work Together

IT environments have grown increasingly sophisticated, giving individuals and businesses capabilities they never could have dreamed of 20 years ago. However, the only thing growing faster than technology is the threats to it. While there is no foolproof way to stop every cyber-attack, a strategic combination of security resources can make your cyber defenses formidable. When used together,...
Blog

We’re In: Tired Hacking Tropes in TV Shows and Movies

It’s a well-known fact that TV shows and movies pride themselves on their complete and total accuracy when it comes to portraying historical events, illnesses, or jobs. That’s how we know that everyone in olden times spoke in British accents no matter what country they were in, people with tuberculosis casually cough up blood while otherwise carrying on as normal, and all doctors wander about in...
Video

Staying One Step Ahead: Tips for Successful Penetration Testing

Penetration testing has fast become a common way to assess the state of an organization’s security. Using the same techniques as bad actors, pen tests determine risk by revealing and exploiting vulnerabilities such as unpatched devices, misconfigurations, or careless end-user behavior. As cyber attackers grow increasingly relentless, penetration testing is a powerful tool that can empower you to...
Blog

IAM in an M&A World: Finding the Right Balance Between Security and Efficiency

Make no mistake, the pace of mergers and acquisitions (M&A) has reached a fever pitch in the last year. Throughout 2021, M&A activity has continued to trend sharply upwards, with the rate of announcements projected to be the biggest ever in recorded history. Based on a recent report in S&P Global Market Intelligence, by the second quarter of 2021, the “total global M&A value surpassed $1 trillion,”...
Article

Reversing and Exploiting with Free Tools: Part 11

In part 10, we started exploring different protections and mitigations that we may find. In this part, we’ll continue this exercise, completing the ROP chain that bypasses DEP. Roping Step by Step. Typically, there are tools that, in simple cases, can automatically build a ROP chain. However, in difficult cases these tools generally can’t build one fully, or can only do so partially, leaving one to complete it by...
Article

SAPCAR Heap Buffer Overflow: From crash to exploit

1. Introduction In this blog post, we will cover the analysis and exploitation of a simple heap buffer overflow found in SAPCAR a few weeks ago. SAP published security note #2441560 classifying the issue as "Potential Denial of Service". This post is our attempt to show
Article

Solving a post exploitation issue with CVE-2017-7308

As part of my daily work as an Exploit Writer, I decided to take a look at CVE-2017-7308. It is a Linux Kernel vulnerability related to packet sockets. I will not go into details about the bug itself or its exploitation because there is an…
Blog

Getting Inside the Mind of an Attacker: After the Breach – Final Words of Advice

Having your Active Directory breached is bad enough, but an attacker who gains persistence is even more dangerous. The longer they are able to hide in your Active Directory forest, the better chance they have of gaining access to your organization’s crown jewels. Undetected, they can comfortably wait for the most opportune time to take control, stealing your organization’s most sensitive data and...
Blog

Top 14 Vulnerability Scanners for Cybersecurity Professionals

Vulnerability scanners are valuable tools that search for and report on what known vulnerabilities are present in an organization’s IT infrastructure. Using a vulnerability scanner is a simple, but critical security practice that every organization can benefit from. These scans can give an organization an idea of what security threats they may be facing by giving insights into potential security...