CORE Impact Pro 2013 adds several new capabilities. These advanced capabilities include CloudCypher, an online service created and managed by CORE that works with Windows® hashed passwords discovered by Impact during testing and attempts to determine plaintext passwords for those hashes. These obtained passwords can then be used for additional security testing. Other highlights of the release include the ability to team multiple security testers together to interact in the same workspace against the same target environment across multiple copies of Impact. In addition to these new features, Impact 2013 is supported by the company's extensive library of more than 2,800 commercial-grade exploits and other attack techniques.
In addition to CloudCypher, and Teaming, CORE Impact 2013 new capabilities include:
Network Remediation Validation
DNS Communication Channel
Network IG & AP Module output
CORE Impact 2013's Network Remediation Validation Wizard is a quick retest option used for previously identified network risks that confirm the risks have been remediated appropriately and the vulnerability management cycle is closed. This feature allows a closed loop capability for the testing process. This new release of Impact has added the ability to communicate using the DNS protocol to agents deployed using a specific set of modules. As security around TCP and HTTP protocols has improved, hackers have looked at alternative data protocols to infiltrate, adding the DNS capability allows testers to use the DNS channel as well. Agent Redeploy is a new feature that allows Impact to quickly verify whether a previously discovered vulnerability has been remediated.
CORE Impact now displays rich progress information as the automated pen tests execute against target networks, allowing a user to track progress. Using this feature, Impact can now demonstrate in a user-friendly and graphical manner, exactly what is being executed in real-time. The last new addition for Impact 2013 is report selection for reporting on specific hosts needed, rather than having to run the report on all hosts within the workspace. Reports that support this capability include:
PCI Vulnerability Validation Report
Vulnerability Validation Report
Host Based Activity Report
"CloudCypher was originally developed by our internal pen- testing team to allow them to manage passwords more easily as part of a testing engagement. Adding this pen testers' tool, used for nearly ten years of testing by the team, to our next version of Impact brings huge value to our user community. This advanced capability that we'll offer as a cloud service going forward is another example of the unique features that CORE, as a multi-discipline company, can bring to this market," said Milan Shah, senior vice president of Products and Engineering at CORE Security. "The teaming, DNS communications capabilities, and reporting enhancements are features that our users suggested to us, and we're pleased to be able to add these feature requests to our market-leading product."
More about CORE Impact Pro:
CORE Impact® Pro is the most comprehensive software solution for assessing the real-world security of web applications, network systems, endpoint systems, email users, mobile devices, wireless networks, and network devices. Backed by CORE Security's ongoing vulnerability research, Impact Pro allows users to take security testing to the next level by safely replicating a broad range of data breach threats. As a result, testers can identify exactly where and how your organization's critical data can be breached. Learn more about CORE Impact Pro penetration testing software at www.coresecurity.com/Impact.
About CORE Security
CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company's innovative security research center. For more information, visit www.coresecurity.com.
CORE Security, CORE Impact, CORE Impact Professional, CORE Secured, and CORE Labs are registered trademarks and/ or trademarks of CORE SDI, Inc. in the United States and/or other countries. All other products and services are trademarks of their respective owners.