Resources

Datasheet

Core Impact 101 Training

Welcome to Core Impact Training 101. This training is designed to give you an in-depth overview of this tool’s powerful pen testing features and provides a wealth of information that can add to your skillset. There is something for everyone in this training, from new security team members just starting to implement pen testing, to the battle-hardened cybersecurity veterans that can further enhance...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | June 2024

Core Impact Exploit Library Additions: One of Core Impact’s most valuable features is its certified exploit library. Fortra’s Core Security has a team of expert exploit writers that conduct research, evaluating and prioritizing the most relevant vulnerabilities in order to update the library with critical and useful exploits. Additionally, the QA team creates its own clean environment to validate...
Guide

Guide to Creating a Proactive Cybersecurity Strategy

More than 90% of companies worldwide have faced at least one cyber attack*. Given those odds, the question isn't if you'll be targeted by an attack, but rather will the attack be successful? Use a proactive security program of assessment and testing to battle-harden your cybersecurity measures, making your organization much tougher to breach. Proactive security uses a combination of...
Blog

CISO Commentary: The Art of Patching

Recently, Core Security released the 2024 Penetration Testing Report, which shares the results from an annual survey of cybersecurity professionals on their experiences with offensive security strategies and solutions. In this series, we’re taking a deeper dive into some of the most noteworthy findings from the survey, with expert insights from Fortra’s CISO, Chris Reffkin, and Lead Product...
Blog

CISO Commentary: Budgeting for Offensive Security

Recently, Core Security released the 2024 Penetration Testing Report, which shares the results from an annual survey of cybersecurity professionals on their experiences with offensive security strategies and solutions. In this series, we’ll take a deeper dive into some of the most noteworthy findings from the survey, with expert insights from Fortra’s CISO, Chris Reffkin, and Lead Product Manager...
Blog

CISO Commentary: How Often Should You Pen Test?

Recently, Core Security released the 2024 Penetration Testing Report, which shares the results from an annual survey of cybersecurity professionals on their experiences with offensive security strategies and solutions. In this series, we’ll take a deeper dive into some of the most noteworthy findings from the survey, with expert insights from Fortra’s CISO, Chris Reffkin, and Lead Product Manager...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | May 2024

Core Impact Updates. New UI and Usability Improvements for Reports: The Core Impact Reports have been modernized, with data reviewed to improve its actionability and user friendliness. Phishing Attacks Efficiency Improvements: The links generated by Core Impact for phishing attacks and client-side exploits have had IOCs removed. Additionally, running simulations has been simplified and reduces the risk...
Guide

How to Use Upskilling and Reskilling to Scale Your Cybersecurity Team

Enhance your security team's capabilities without adding head count. Leverage the resources you already have on hand. Invest in your existing workforce by: Upskilling: teaching employees additional skills related to their current roles. Reskilling: equipping employees with new skills to shift their career towards in-demand fields, like proactive cybersecurity. Our guide walks you through the benefits of...
Blog

Weighing the Risk: The Cost of Skipping Pen Tests

Cybersecurity budgets are beginning to get cut across the country, and organizations are faced with tough choices about what should stay and what should go. As security budgets face extra scrutiny and potential cuts, it’s critical to evaluate the cost and benefits of each security practice. It can be difficult to define the value of proactive security solutions like pen testing, as a precise ROI...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | April 2024

Core Impact Updates. SMB NTLM Information Dumper: This module improves the reconnaissance step for Active Directory testing, specifically gathering NTLM information using SMB/RPC protocols to prepare NTLMrelayx Man-in-the-middle attacks. Among other information, it retrieves: SMB Signing configuration information; Domain configuration; SMB Shares; Out of the box tags for known server roles. This update...
Guide

Avoiding Compliance Surprises- Financial Technology

As the Finance industry makes services more digitally accessible with new and improved Financial Technology (FinTech), it grows even more exposed to cyber threats. The FinTech industry growth rate is set to quadruple within the next 10 years, so you can expect that along with increased cyber risk come increased compliance regulations. It is imperative to set your company up with the right...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | March 2024

Core Impact Exploit Library Additions: One of Core Impact’s most valuable features is its certified exploit library. Fortra’s Core Security has a team of expert exploit writers that conduct research, evaluating and prioritizing the most relevant vulnerabilities in order to update the library with critical and useful exploits. Additionally, the QA team creates its own clean environment to validate...
Blog

Advantages of Offensive Security Vendor Consolidation

We sat down with John Stahmann, CISSP and Director of Sales Engineering for Offensive Security and Infrastructure Protection at Fortra, and asked him what he had learned after more than 20 years in the industry about the pitfalls, hacks, and little-known facts of offensive security. With so much architectural complexity, vendor sprawl, and multi-platform problems plaguing the cybersecurity...
Guide

What to Look for in a Pen Test Report

Not all pen test reports are created equally. If you are in finance, you need a report that caters to SOX or PCI DSS. In healthcare, one that takes HIPAA obligations into account. And no matter what industry you are in, the audience for your pen test report will always be bigger than your immediate security circle; many times, your board, compliance auditors, and even customers will be looking at...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | Feb 2024

Core Impact Updates: During the month of February, updates have been made to Core Impact to enhance its functionality. New modules have been added to perform Active Directory attacks taking advantage of new features from the latest version of Impacket. There is also a new Web Applications Fuzzer that can find some of the directories and files that are not referenced by the pages discovered during...
Blog

Why Relay Attacks Are Still Common and How to Prevent Them

NTLM (NT LAN Manager) relay attacks are still a significant threat to the security of Windows-based networks. Though it is a well-known attack method that has been around for many years, it is no less dangerous than when it first emerged. In fact, it is currently popular with “aggressive” hacking groups, including the Russian APT28. These groups have successfully...
Blog

What is the Role of Purple teaming and Why is it Important?

When hashing out your offensive security strategy, it’s not all about winning – especially when you’re role-playing as the hacker. Red teams are out to attack. Blue teams are out to defend. While many assume that the goal of an engagement is for Red to best Blue, adopting a “Purple team” mindset focuses more on learning. It prioritizes growth over outcome and trains Blue so that Blue does better...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | Jan 2024

One of Core Impact’s most valuable features is its certified exploit library. Fortra’s Core Security has a team of expert exploit writers that conduct research, evaluating and prioritizing the most relevant vulnerabilities in order to update the library with critical and useful exploits. Additionally, the QA team creates its own clean environment to validate each exploit before its release to...
Blog

Cybersecurity and the Law: Taking Proactive Steps Before Needing Legal Action

How the justice system deals with cybercrime is still relatively new and finding its footing. How cybercriminals are leveraging the legal system is relatively new, too. Imagine a world where your organization gets hacked, and then, to add insult to injury, gets reported by the hackers for being out of compliance. Well, you don’t have to imagine too hard because those days are upon us. While the...
Blog

Core Impact Monthly Chronicle: Exploits and Updates | Dec 2023

One of Core Impact’s most valuable features is its certified exploit library. Fortra’s Core Security has a team of expert exploit writers that conduct research, evaluating and prioritizing the most relevant vulnerabilities in order to update the library with critical and useful exploits. Additionally, the QA team creates its own clean environment to validate each exploit before its release to...