Information Security Solutions - Paramount Computer Systems in Dubai, Abu Dhabi, Bahrain, Kuwait and Qatar
Home ›› Technology ›› Core Impact
Core Impact: Network and Web Application PT Tool
Features and Benefits
CORE IMPACT is a feature-rich, automated penetration testing product that incorporates accepted penetration testing methodologies and industry best practices.
Features Benefits
Rapid Penetration Test (RPT)
Using an intuitive graphical user interface (GUI), CORE IMPACT automates the penetration testing process in six simple steps
  • Information Gathering
  • Attack and Penetration
  • Local Information Gathering
  • Privilege Escalation
  • Cleanup
  • Report Generation
About Rapid Penetration Testing 		Regularly and comprehensively tests your entire network using widely acknowledged best practices.

Testing can be performed in-house by IT staff without specialized security experience.

Ensures consistent, repeatable testing that proves the effectiveness of security systems and remediation efforts.

Reduces costs by eliminating manual tasks.

Speeds testing by launching multiple, simultaneous attacks.

Complements third-party testing mandated by industry or government regulations
Commercial-Grade Exploits
Created by an experienced and dedicated team of developers at Core Security Technologies. All CORE IMPACT exploits are guaranteed to be effective, comprehensive, stable and current.
About Commercial-Grade Exploits 		Guarantees safe and effective penetration testing while minimizing potential disruptions to target systems.

Testing is comprehensive and optimized, since exploits are designed to work across multiple system configurations and attack vectors.

All exploits are continuously tested to ensure ongoing effectiveness as vulnerabilities change.

New and updated exploits are provided on an ongoing basis, allowing you to test for the latest vulnerabilities.
Patent-Pending Agent Technology
Provides an interface to compromised systems, allowing you to gather additional information, escalate access privileges, and attempt to compromise other network resources.
About IMPACT Agents 		Demonstrates how specific vulnerabilities can be exploited, helping to delineate real threats from false positives.

Extends the breadth of penetration tests by allowing you to unobtrusively move deeper into the network, gathering further information and launching attacks on more secure systems.

No trace of penetration test remains on target systems, since agents run only in memory.
Comprehensive Information Gathering
Includes comprehensive network discovery, OS detection, identification of services and more.
About Information Gathering 		Eliminates the need to purchase supplemental tools to gather network information prior to testing.

Safely utilizes a compromised target to scan a network from within, without installing anything on the system.

Provides valuable data that assists with remediation efforts.
Standard and Custom Reports
Generates clear, informative reports that provide data about the targeted network and hosts, audits of all exploits performed, and details about proven vulnerabilities.
About Reports
Click here to View IMPACT Sample Reports 		Assists in compliance efforts with complete audit trails.

Meets the needs of different constituencies with tailored reports for management, network administrators, remediation staff, etc.

Exportable to other applications for customization and integration with other data.
Traffic Masking
Includes robust MSRPC fragmentation and the industry's first MSRPC traffic encryption.
About Traffic Masking 		Provides an enhanced ability to test network defenses against increasingly sophisticated attacks.
Integration with Vulnerability Scanners and Patch Management Tools
Supported solutions include eEye Retina, GFI LANguard, Nessus, Nmap Security Scanner, Harris STAT Guardian Vulnerability Management Suite (VMS), IBM Internet Scanner, Qualys QualysGuard and PatchLink Update. 		Improves the productivity and effectiveness of overall vulnerability management efforts with a single click.
User Credential Capturing
Allows you to collect Windows password hashes in-memory, log keystrokes, sniff passwords and hashes, collect saved login credentials from popular applications such as Internet Explorer, Firefox and MSN, and install agents with valid username / password / hash combinations. 		Enables you to easily leverage established user and network relationships to escalate attacks deeper into the network. This ensures more efficient and effective penetration tests.
Fully Customizable
Written in Python, allowing you to review, customize and extend all exploits and modules.
About customizing CORE IMPACT 		Provides flexibility and ensures that penetration testing is customized to your organization's specific needs.
...............................................................................................................................................................................................................................................................................................................................

Additional CORE IMPACT Features
Agent Auto-Injection
You can maintain contact with a targeted workstation, even if compromised client software is restarted. Upon gaining workstation access, CORE IMPACT injects an agent into a new process outside of the compromised software. You can therefore continue to gather information about the workstation and pivot attacks to other systems without interruption.

Graphical Mini-Shell and File Browser
CORE IMPACT enables you to run a command shell on any compromised system, even if the system does not have an accessible shell. In addition, the product's file browser allows you to view the file structure of any compromised system.

User-Created Macros
Wizards enable you to easily create macros that automate simple tasks without requiring programming.

Workspace Import and Export
You can integrate CORE IMPACT with other security products by importing and exporting workspace information to XML.

Comprehensive, 100% Python, MSRPC Library
Includes functionality for performing SMB, DCERPC over multiple transports, NTLM authentication, and remotely manipulating the Windows registry and Windows services.

Component-based Payload Creation Library (LibEgg)
Enables exploit developers to easily create powerful payloads by combining pre-made and custom payload building blocks. Component model allows developers to focus on adding or customizing specific functionality rather than on re-creating complete payloads from scratch.

Comprehensive and Constantly Updated User Documentation

Partner status: Paramount is the Premium Partner for Core Impact in the region

For more information contact :sales@pcsuae.com
Home   |   Company   |   Consulting   |    Technology   |   Careers   |   Knowledge Centre   |   Paramount Alumni   |   Paramount Purpose   |   Contact Us   |    Sitemap
Offices in Dubai, Abu Dhabi, Bahrain, Kuwait and Qatar
©  2011. Paramount Computer Systems, All Rights Reserved.