Daily Archives: May 7, 2019

15 Things Every Customer Should Know About Core Impact

English

Just like in any good relationship, it takes time to get to know one another. Even when you’ve been together for a while, you still may learn new things that surprise you. It’s no different when you begin a relationship with a new product or solution. Over time, you will discover new features and tricks you didn’t even know existed. With this in mind, we’ve compiled a list of the top 15 things every customer should know about Core Impact. Take a look and see what you may have been missing.

#1: The Core Impact Customer Community

The Core Impact Customer Community is a place you can go to ask and answer questions about Impact and penetration testing, chat real-time with other Impact users, and take training courses to better leverage Impact for multiple types of testing. It also serves as a repository where you can post or download custom modules. This invaluable community resource exists to empower you to continue to get the most out of Impact.

#2: Flexible Licensing

Did you know that Impact has a flexible licensing model? We have many different license types that enable flexible use of the product, and ensure we can support multiple use cases, including:

  •     Machine-based unlimited licenses for those with a small, rotating team
  •     Named user unlimited licenses for those with dedicated, full time users
  •     Educational and lab licenses for those who want to use Impact in an educational capacity or tightly controlled lab environments

Our goal is to make sure you get the right combination of licenses that will work best for you and your team.

#3: Encrypting Agent Communications

All communication between Impact and its agents is both encrypted and authenticated. These robust protections allow us to provide secure communications between Impact and its agents. Other solutions have a higher risk of potential attackers ‘breaking in’ to the communications or hijacking their agents for nefarious purposes. Perform better, more detailed testing with the peace of mind that your communications will remain secure.

#4: Command and Control Options

Core Impact has a variety of command and control options that you can leverage. Whether connecting to or from a target or hiding the communications in DNS traffic, Impact has a variety of communication methods to better support different ways you might want to test. For example, using the DNS channel allows you to mask and disguise the communications inside DNS packets. All you have to do is select the type of communication you want the agents to use, and then deploy them. Every communication method features encryption and mutual authentication between Impact and its agents.

#5: Self-Terminating Agents

With Impact, you never have to worry about an agent hanging around longer than you want. Impact agents are configured to automatically clean themselves up at a time you set. Plus, Impact gives you the ability to set an expiration time when you deploy an agent, giving you control and minimizing artifacts left by your test. Even if a target is hibernated during a test, and misses the cleanup signal, Impact agents will see that it’s past due and clean itself up. You can pen test with confidence and know that Impact won’t let you be the reason for an incident response.

#6: Rapid Penetration Tests

Another great feature is that Impact can quickly find ‘low hanging fruit’ for you to act upon. Impact’s rapid penetration testing wizards can automatically find common weaknesses, while letting you choose how risky you want to be. This will free up time for you to do more in-depth testing and can even provide a short list of items to quickly prioritize for remediation.

#7: Intelligently Exploit Identities

Were you aware that Impact also enables you to easily leverage identities found during a test? With many identities in any given network, chances are you will come across them during testing. Impact enables you to securely store these identities. With Impact’s central identity store, it’s simple to use these identities to further your testing, allowing you to easily move and get access to more information.

#8: Stealthy PowerShell Attacks

Did you know that Impact can natively leverage PowerShell on remote hosts? Not just that, it can also do it stealthily, without using the PowerShell executable. PowerShell is a very powerful management framework for Windows machines and Impact’s ability to easily interface with it opens state-of-the-art attack methods preferred by advanced adversaries.

#9: Phishing Built for Pen Testers

Impact actually evolved from the suite of tools used by one of the first teams to offer third-party pen testing. In fact, Impact was created by a team of pen testing professionals to help make them more effective and efficient at their job. They recognized that there was great value in standardizing the process of how to conduct a pen test, and built this into their tools. As a result, Impact emphasizes an easy-to-use, repeatable, and consistent methodology.

Impact also has extensive phishing capabilities, built from the beginning with pen testing in mind, so you can do more than just report on who is susceptible to phishing. You can also gather additional information to help plan further testing and exploitation activities. Impact’s phishing functionality is often leveraged to ‘trick’ victims into giving you access to the network. If you are looking for pen testing with focused phishing capabilities, Impact is definitely the solution for you.

#10: A Python Framework

Here is something you may not know either: Impact is actually a Python framework. All modules, exploits, and tools are written in Python and are user customizable. You can write your own modules for things like integrations with third party tools, or modify existing ones to better suit your specific needs. This gives you a significant amount of flexibility to extend and enhance the value of investments you have already made.

#11: Ongoing Logging and Reporting

Another key feature to be aware of is that Impact automatically logs everything you do over the course of your pen test. This includes all the modules you run, all the files you upload or download, and even all the commands you run on remote hosts. Impact automatically captures this input and output, providing an audit trail and ensuring that you do not have to keep your own detailed notes during the test.

Impact also has a powerful and flexible built-in reporting engine that allows you to create reports for any type of audience, whether they are Chief Executives, the Patching Team or even the Audit Team. These reports are also fully customizable and the templates can be saved for future use.

#12: Validating Vulnerability Scans

Impact automatically validates the results of a vulnerability scan. You can import the results from the most vulnerable scanners and Impact will automatically attempt to validate the scanner’s findings by attempting to exploit the vulnerabilities that were reported. You will then get a report of what Impact was and was not able to exploit. Confirming exploitations can help speed up remediation processes by having Impact prioritize the list of vulnerabilities that your scanners are spitting out.

#13: Validating Remediation

With the remediation validation option, you can have Impact automatically re-run a previous pen test that can provide a change report on any differences between the two. Impact will execute exactly as you did on the previous test, including info gathering, exploitation, and pivoting. You can use this to easily test if remediation efforts have been successful rather than having to do the entire test over again, saving tremendous time in re-testing.

#14: Multi-Vector Pivoting

Impact also enables you to pivot from one vector to another, dramatically improving your capabilities and efficiency through multi-vector pivoting. For example, when you exploit a weakness in a web application, you can then leverage it to pivot to the network.  Or you can even leverage Impact to trick victims into giving you access to the network.

#15: Moving from One Host to Another

And last, but definitely not least, Impact makes it easy to pivot from one host to another. It is as simple as a right click. Impact has a wealth of additional features, like the Remote Interface, which you can leverage with the pivoting capabilities to make you more efficient and effective during your testing.

Getting the Most Out of Core Impact

This list will help you more intelligently manage your vulnerabilities and get the most out of Impact.  After all, the more you get to know Core Impact, the more it can do to secure your business.

Penetration testing
Big text: 
Article
Resource type: 
Articles