CORE IMPACT - PowerPoint PPT Presentation

Slides: 24
Provided by: ham112


Transcript and Presenter's Notes


  • Hamde AL Tamimi
  • Mohammad Ali Qattan
  • Amira Mosa AL Braim
  • Rakan Tayseer

  • CORE IMPACT is, in fact, an automated
    penetration testing tool, which scans a
    range of hosts looking for Weak Points for which
    it has effective exploits.
  • These exploits can then be launched against the
    vulnerable hosts to attempt to gain
  • Having gained access to a vulnerable host,CORE
    IMPACT can install Agents which provide varying
    levels of remote access (including directory
    listing, uploading and downloading files, and so
  • It is even possible to use a compromised host to
    launch new penetration tests against other hosts
    on the network which may not have been visible on
    the initial scan.
  • This way the penetration tester can move from
    host to host within the compromised network.

  • CORE IMPACT thus allows the user to safely
    exploit Weak Points in the network, replicating
    the kinds of access an intruder could achieve,
    and proving actual paths of attacks that must be
  • The product features the Rapid Penetration Test,
    a step-by-step automation of the penetration
    testing process. From the initial information
    gathering phase to production of the final
    report, the penetration testing steps within CORE
    IMPACT can be run completely autonomously. The
    steps in this process include:
  • Information Gathering
  • Attack and Penetration
  • Local Information Gathering
  • Privilege Escalation
  • Clean Up
  • Report Generation

  • Each of the six processes listed previously is
    available as a Wizard in the Rapid Penetration
    Test window.
  • By following each of them in turn, the average
    user will follow the typical hacker methodology
    recommended by every generic hacker's handbook,
    and be able to complete a very comprehensive
    penetration test without recourse to experts or
    outside consultants.
  • Of course, experts and consultants will also find
    this tool incredibly useful in their day-to-day

Information Gathering
  • There are several types of test, each with its
    own way of gathering information, such as:
  • Client-Side Rapid Penetration Testing
  • Mobile Device Rapid Penetration Testing
  • Network Device Rapid Penetration Testing
  • Network Rapid Penetration Testing
  • Web Application Rapid Penetration Testing
  • Wireless Rapid Penetration Testing

Client-Side Rapid Penetration Testing
  • In the case of end-user testing, Information
    Gathering involves the collection of email
    addresses to target with phishing, spear
    phishing (instead of casting out thousands of
    e-mails randomly hoping a few victims will bite,
    spear phishers target select groups of people
    with something in common: they work at the same
    company, bank at the same financial institution)
    or other social engineering attacks. CORE
    IMPACT offers a number of modules for gathering
    email addresses of individuals in your
    organization, or you can enter or import your own
    list of email addresses to test.
  • Key Capabilities
  • Crawl a website to harvest addresses published on
    the site
  • Use search engines to locate addresses for a
    given domain
  • Find addresses in Pretty Good Privacy (PGP) and
    Whois databases (PGP is a popular program used
    to encrypt and decrypt e-mail over the Internet)
  • Scan a domain for documents and scrape useful
    information from them, such as email addresses

Mobile Device Rapid Penetration Testing
  • To specify mobile devices to test, you simply
    enter target device information (such as owner
    name, email address and phone number) into the
    CORE IMPACT interface.

Network Device Rapid Penetration Testing
  • If CORE IMPACT identifies the operating
    system of a target and confirms it to be a
    network device, it will attempt to collect
    information about the device. Alternately, CORE
    IMPACT includes a Passive Cisco Discovery
    Protocol (CDP) network discovery module that
    listens for broadcasts from Cisco devices.
  • Key Capabilities
  • Fingerprint found devices to determine
    manufacturer, device model/type, and operating
    system details
  • Determine the inputs on which the device accepts
    connections or instructions, including Simple
    Network Management Protocol (SNMP), Telnet, HTTP,

Network Rapid Penetration Testing
  • The Information Gathering step collects data
    about the targeted network, typically using
    Network Discovery, Port Scanner, and OS and
    Service Identification modules. Alternately, you
    can complete this step by importing information
    from your network mapping tool or Weak Points
  • Key Capabilities
  • Identify the operating system and services
    running on targeted machines
  • Control the IP ranges you want to scan
  • Select from a variety of network discovery and
    port scanning methods, including TCP Connect,
    Fast SYN (TCP) and Internet Control Message
    Protocol (ICMP)

Web Application Rapid Penetration Testing
  • During this phase of the Web Application Rapid
    Penetration Test, CORE IMPACT crawls through web
    pages and identifies pages to test. Alternately,
    you can import the results from popular web
    application Weak Points scanners and validate
    imported Weak Points for exploitability.
  • Key Capabilities
  • Specify a domain or range of web pages to crawl
  • Set a link depth limit for the crawler
  • Select whether to follow links outside the
    specified site
  • Crawl JavaScript to discover and assess
    dynamically generated pages
  • Establish the browser type and version to use
  • Supply any login information required to emulate
    an attack from someone with access rights to the
    web application
  • Import web scanner results for Weak Points

Wireless Rapid Penetration Testing
  • CORE IMPACT's discovery capabilities allow users
    to identify both authorized networks and
    unauthorized points of access. It then profiles
    any networks discovered by analyzing signal and
    packet data to measure network strength,
    determine security protocols, and identify
    devices interacting with the involved network.
  • Key Capabilities
  • Discover both known and unknown Wi-Fi networks
    and access points
  • Gather MAC addresses and service set identifiers
    (SSIDs; an SSID is the name of a wireless local
    area network (WLAN), and all wireless devices on
    a WLAN must employ the same SSID in order to
    communicate with each other) from beaconing
  • Impersonate access points, and
    fingerprint / harvest information from systems
    that connect
  • Gather information on network strength, security
    protocols and connected devices
  • Scan traffic for streams of sensitive data

Attack and Penetration
  • The same test categories mentioned before apply
    to this step:
  • Client-Side Rapid Penetration Testing
  • Mobile Device Rapid Penetration Testing
  • Network Device Rapid Penetration Testing
  • Network Rapid Penetration Testing
  • Web Application Rapid Penetration Testing
  • Wireless Rapid Penetration Testing

Client-Side Rapid Penetration Testing
  • In this test, you create an email, associate it
    with an exploit, and go phishing. The product
    includes sample email templates that simulate
    common phishing attacks. You can also create your
    own custom spear phishing emails that leverage
    inside knowledge of your organization.
  • CORE IMPACT's large library of client-side
    exploits includes attacks that target endpoint
    applications, endpoint security solutions, and
    endpoint operating systems and services. The
    product also takes care of sending the email,
    giving you options such as selecting a Simple
    Mail Transfer Protocol (SMTP) server or spoofing
    a specific "from" email address.
  • Key Capabilities
  • Create phishing, spear phishing and spam emails
    from a variety of pre-built templates
  • Safely deploy Agents using real-world malware
    attacks (malware, short for malicious software,
    is software designed to disrupt computer
    operation, gather sensitive information, or gain
    unauthorized access to computer systems) to
    test end-user system security
  • Track who responds to attacks and measure the
    effectiveness of security awareness programs with
    or without exploiting their systems
  • Assess data leakage risks by luring
    users to complete imposter web forms
  • Prove the consequences of an end-user security
    breach by interacting with compromised

Mobile Device Rapid Penetration Testing
  • CORE IMPACT uses real-world attack techniques
    including phishing, web form impersonation, fake
    wireless access points, and wireless
    man-in-the-middle attacks to assess end users
    and their devices. (The man-in-the-middle
    attack is a form of active eavesdropping
    in which the attacker makes independent
    connections with the victims and relays messages
    between them, making them believe that they are
    talking directly to each other over a private
    connection, when in fact the entire conversation
    is controlled by the attacker. The attacker must
    be able to intercept all messages going between
    the two victims and inject new ones.)
  • Key Capabilities
  • Phishing: send emails and texts that determine
    whether employees would fall prey to phishing and
    spear phishing attacks by clicking through to
    malicious sites and/or installing
    untrusted mobile apps
  • Web Form Impersonation: assess data leakage
    threats by running phishing tests with
    links to web forms designed to capture and record
    user-entered data
  • Fake Wireless Access Points: impersonate valid
    wireless access points and gather profile
    information about the connected devices,
    launching attacks when the device or user
    requests data from the fake access point
  • Wireless Man-in-the-Middle: identify and monitor
    wireless networks that have either no encryption
    or WEP-based encryption and observe any connected
    devices; intercept transmissions and insert
    attacks that target the connected devices

Network Device Rapid Penetration Testing
  • CORE IMPACT uses dictionary attacks (a dictionary
    attack is a technique for defeating an
    authentication mechanism by trying to determine
    its decryption key by searching likely
    possibilities, successively trying all the words
    in a pre-arranged list of values called a
    dictionary) to guess passwords
    and gain access to network devices. Once the
    device is compromised, CORE IMPACT offers various
    modules to demonstrate the ramifications of the
    breach.
  • Key Capabilities
  • Launch dictionary attacks to gain device access
  • Retrieve the configuration file of a compromised
    device and try to crack passwords that are in use
  • Rename compromised devices
  • Demonstrate how attackers could intercept copies
    of data packets via interface monitoring

Network Rapid Penetration Testing
  • During Attack and Penetration, CORE IMPACT
    automatically selects and launches remote attacks
    leveraging IP, OS, architecture,
    port and service information obtained in the
    Information Gathering step. You can choose to
    launch every potential attack against each target
    computer, or you can have the system stop once it
    successfully deploys a single Network Agent,
    which carries the attack payload. You maintain
    full control over which computers are attacked
    and the order in which exploits are launched. In
    addition, you can further simplify and speed
    tests by excluding exploits that may leave a
    target service unavailable or take a long time to
  • Key Capabilities
  • Launch multiple attacks at the same time to
    speed the penetration testing process
  • Interact with compromised machines via discrete
    Agents that are installed only in system memory
  • Run local exploits to attack machines internally,
    rather than from across the network
  • Maintain control over which exploits are applied

Web Application Rapid Penetration Testing
  • CORE IMPACT enables you to test web applications
    for Persistent Cross-Site Scripting (XSS; dynamic
    web sites have a threat that static web sites
    don't, called "cross-site scripting", also known
    as "XSS"), Reflective XSS (both for static HTML
    and Adobe Flash objects), Remote File Inclusion
    for PHP applications, SQL Injection, and Blind
    SQL Injection. CORE IMPACT then dynamically
    creates exploits to prove whether the Weak Points
    pose actual threats. If an exploit is
    successful, CORE IMPACT establishes an Agent that
    allows you to take a number of actions to reveal
    at-risk information assets.
  • Key Capabilities
  • Analyze custom, customized and out-of-the-box web
    applications for security weaknesses
  • Validate security exposures using dynamically
    generated exploits, emulating a hacker trying
    various attack paths and methods
  • Guess application usernames and passwords with
    dictionary attacks
  • Use Web Application Firewall (WAF)
    evasion capabilities
  • Demonstrate the consequences of an attack by
    interacting with web server file systems and
    databases through command shells and database
  • Perform penetration tests without corrupting web
    applications or running code on targeted servers

Wireless Rapid Penetration Testing
  • CORE IMPACT determines keys by taking advantage
    of known Weak Points in WEP-secured
    networks (Wired Equivalent Privacy (WEP) is a
    security algorithm for IEEE 802.11 wireless
    networks). The solution also assesses networks
    secured by WPA and WPA2 (using a Pre-Shared Key)
    via dictionary attacks that leverage information
    from sniffed authentication attempts (Wi-Fi
    Protected Access (WPA) and Wi-Fi Protected
    Access II (WPA2) are two security protocols and
    security certification programs developed to
    secure wireless computer networks). Finally,
    CORE IMPACT enables you to intercept wireless
    transmissions and conduct Man-in-the-Middle
    attacks.
  • Key Capabilities
  • Replicate attacks against WEP, WPA and
    WPA2-encrypted networks
  • Conduct Man-in-the-Middle attacks, intercept wireless
    transmissions, and insert exploits into relayed
  • Impersonate access points to connect with
    beaconing systems and test them against remote

Local Information Gathering
  • The Local Information Gathering step collects
    information about computers that have CORE IMPACT
    agents deployed on them. During this step, you
    leverage Network Agents to interact with
    compromised computers and gather previously
    unavailable information about the OS, privileges,
    users and installed applications. CORE IMPACT can
    collect information from all deployed Agents or
    only from those that you specify.
  • Key Capabilities
  • Browse file structures and view file contents on
    compromised machines
  • View rights obtained on compromised machines
  • Interact with compromised machines via command
  • Demonstrate the consequences of security breaches by
    replicating the steps an attacker would take
    after gaining access to a system
  • Extract data from compromised mobile devices,
    including call, SMS and MMS logs, GPS location
    and contact information

Privilege Escalation
  • During the Privilege Escalation step, CORE IMPACT
    attempts to penetrate deeper into a compromised
    computer by running local exploits in an attempt
    to obtain administrative privileges. After
    Privilege Escalation, you can shift the source
    Agent to one of the newly compromised systems and
    cycle back to the initial Information Gathering
    step, thereby establishing a beachhead from which
    to run attacks deeper into the network.
  • Key Capabilities
  • Run local exploits to attack systems internally,
    rather than from across the network
  • Gain administrative privileges on compromised
  • View the networks to which a compromised computer
    is connected
  • Launch attacks from any compromised system to
    other computers on the same network, gaining
    access to systems with increasing levels of

  • The Cleanup step automatically uninstalls every
    connected Agent. Agents are uninstalled in post
    order to support complex Agent chains. In
    addition, all Agents are automatically
    uninstalled when closing the active workspace,
    regardless of whether the Cleanup step is
    executed or not.
  • Key Capabilities
  • Quickly and easily remove all Agents from
    compromised machines, leaving your network and
    end-user systems in their original states
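
Why post order matters for the Cleanup step above, as an added illustration (not CORE IMPACT code; the agent names, chain layout and function names are constructed). It assumes a chained agent is only reachable through the agent it was deployed from, so removing the upstream agent first would leave the downstream ones behind.

```python
from collections import defaultdict

# Constructed sample chain: (upstream, downstream). "console" is the tester's
# workstation, not an agent; every other name is a hypothetical deployed agent.
LINKS = [("console", "agent-A"), ("agent-A", "agent-B"),
         ("agent-A", "agent-C"), ("agent-C", "agent-D")]

def build_chain(links):
    """Map each node to the agents that are reached through it."""
    children = defaultdict(list)
    for parent, child in links:
        children[parent].append(child)
    return children

def cleanup_order(children, root):
    """Post-order walk: an agent is listed only after everything behind it."""
    order, seen = [], set()
    stack = [(root, False)]
    while stack:
        node, expanded = stack.pop()
        if expanded:
            order.append(node)
            continue
        if node in seen:
            raise ValueError(f"cycle or duplicate link at {node!r}")
        seen.add(node)
        stack.append((node, True))
        for child in reversed(children.get(node, [])):
            stack.append((child, False))
    return order[:-1]  # drop the root: the console itself is not uninstalled

def stranded_agents(children, order):
    """Agents whose upstream agent is removed before them in `order`."""
    position = {agent: i for i, agent in enumerate(order)}
    return sorted(
        child
        for parent, kids in children.items() if parent in position
        for child in kids
        if position[parent] < position[child]
    )

if __name__ == "__main__":
    chain = build_chain(LINKS)
    post = cleanup_order(chain, "console")
    print("post order:", post, "stranded:", stranded_agents(chain, post))
    naive = ["agent-A", "agent-B", "agent-C", "agent-D"]  # deployment order
    print("naive order:", naive, "stranded:", stranded_agents(chain, naive))
```

An engagement checklist can use the same check after the fact: any agent recorded in the audit trail that would be stranded by the removal order actually used is a host to verify by hand.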

Penetration Testing Report Generation
  • CORE IMPACT generates clear, informative reports
    that provide data about targeted systems and
    applications, results of end-user penetration
    tests, audits of all exploits performed, and
    details about proven Weak Points. You can view
    and print reports using Crystal Reports or export
    them in popular formats such as HTML, PDF and
    Microsoft Word.
  • Key Capabilities
  • Obtain actionable information about exploited
    Weak Points, compromised end-user systems, web
    application weaknesses and associated risks
  • Create activity audits to satisfy compliance and
    regulatory requirements
  • Export report content in popular formats that can
    be easily customized and shared