Using Impact has allowed our consultants to save both time and effort in carrying out testing, as it gives us the ability to handle more customers without adding new staff. It also provides us with increased capabilities for filtering our clients data to differentiate between simple patching issues and serious vulnerabilities that need special attention.
Core Impact simplifies testing for new users and allows advanced users to efficiently execute common tasks. This saves significant time versus manual testing, while providing a consistent, repeatable process for testing infrastructure.
Exposed systems due to compromised perimeter defenses
What OS and services vulnerabilities pose actual threats to your network
How privileges can be escalated on compromised systems
What information could be accessed, altered or stolen
What systems are vulnerable to denial of service attacks
How trust relationships could expose additional systems to local attacks
Core Impact is the only solution that empowers you to replicate multi-staged attacks that pivot across systems, devices and applications, revealing how chains of exploitable vulnerabilities open paths to your organization's mission-critical systems and assets.
Core Impact offers a stable, up-to-date library of commercial-grade exploits and real-world testing capabilities. Core routinely delivers 30+ new exploits and other updates each month–all professionally built and tested by in-house researchers and developers.
Demonstrate and document the severity of exposures by replicating how an attacker would compromise and interact with vulnerable systems and revealing at-risk data.
Multiple security testers now have the capability to interact in the same workplace against the same environment across multiple copies of Core Impact. This capability provides a common view of discovered and compromised network targets.
Confirm exploitable vulnerabilities to plan remediation efforts
View metrics that illustrate the efficacy of layered defenses
Validate compliance with government and industry regulations
Remediation validation reporting capabilities
Gather network information and build system profiles
Identify and exploit critical OS, device, service and application vulnerabilities
Replicate attacker attempts to access and manipulate data
Leverage compromised systems as beachheads to attack other network resources through VPN and proxy pivots
Crawl sites, search engines etc. for potential target information
Leverage a variety of templates or create custom phishing emails
Use client-side exploits to test endpoint system security, assess defenses and pivot to network tests
Test security awareness with or without exploiting systems
Discover Windows NTLM hashes and attempt to determine plain text passwords for those hashes
Discover identities: usernames, passwords, Kerberos tickets/ e-keys and SSH keys
Utilize learned identities as part of multi-vector tests
Automatically take control of systems via weak authentication manually or with the rapid penetration test wizard (RPT)