We sat down with John Stahmann, CISSP and Director of Sales Engineering for Offensive Security and Infrastructure Protection at Fortra, and asked him what he had learned after more than 20 years in the industry about the pitfalls, hacks, and little-known facts of offensive security.
Core Impact Updates
During the month of February, updates have been made to Core Impact to enhance its functionality. New modules have been added to perform Active Directory attacks taking advantage of new features from the latest version of Impacket.
NTLM (NT Lan Manager) relay attacks are still a significant threat to the security of Windows based networks. Though it is a well-known attack method that has been around for many years, it is no less dangerous than when it first emerged. In fact, it has been an attack method that is currently popular with “aggressive” hacking groups, including the Russian APT28. These groups have successfully used relay attacks to target multiple high-value targets worldwide.
When hashing out your offensive security strategy, it’s not all about winning – especially when you’re role-playing as the hacker.
How the justice system deals with cybercrime is still relatively new and finding its footing. How cybercriminals are leveraging the legal system is relatively new, too.
We are thrilled to announce the latest release of Core Impact! Version 21.5 is packed with exciting features and improvements that provide a smoother and even more efficient user experience.
Core Impact's Exploit Library contains thousands of exploits and is updated on an ongoing basis. But how does the team decide which exploits to work on? This page describes the evaluation criteria, including input variables and mechanisms, used to determine which vulnerabilities are good candidates to be analyzed by our Exploit Writing Team.
While it’s important to adhere to compliance regulations, blunders do happen. What does it mean when these blunders lead to you failing a cybersecurity audit, and how can you recover?
Consequences of Failing a Cybersecurity Audit
Failing a cybersecurity audit can mean several things.
First, there’s the up-front legal fines that come with falling on the wrong side of compliance. Here are a few illustrative examples.
You may have heard that Core Security’s Core Impact is an enterprise-grade penetration testing solution that uses same tactics and techniques as real-world attacks.