Core Impact takes pen testing off your hands

15.08.2006
A sharp increase in client-side attacks and the rising demands of regulatory compliance lead to an inescapable conclusion: Maybe having your teenage relatives' wannabe-hacker friends checking your network for vulnerabilities isn't an optimal approach to penetration testing. Enter Boston-based CoreSecurity Technologies, which debuts Core Impact 6 this week.

An enterprise-level solution, Core Impact is designed to allow companies to run their own automated pen testing in-house. The new version of the software adds a client-side pen testing framework, expands target platform support, improves the Impact Agent, and brings data export capabilities. Integration with PatchLink Corp.'s vulnerability-management service provides for automatic remediation of any holes discovered.

As most security professionals know, good perimeter security is often no match for users who don't use good sense, or who do use software, sites or services that have been compromised. Once a client machine within the perimeter has been compromised, attackers are then free to move about the network under the cover of the user's valid credentials.

The new version of Core Impact tests for vulnerabilities in client software such as major Web browsers, media players, Outlook, Word, Excel and the like. Pen testing happens transparently to the user. In addition, the software allows for testing of other security products such as intrusion-prevention and intrusion-detection systems. It also adds support for testing machines running Apple's OS X, including a new OS X agent and tools for information gathering and exploit and reporting capabilities. Support continues for Windows, Linux, Solaris and OpenBSD.

The process, which is driven from the Core Impact console, proceeds in six steps: information gathering, attack and penetration, local information gathering, privilege escalation, cleanup on target machines, and report generation. Each step is documented at the console. The exploits are developed by Core and updated weekly. Testing data for all procedures can be exported to XML.

The package's new Impact Agent brings various performance and implementation improvements to the mix. Agents can multitask, and communication has been improved to reduce the amount of network traffic necessary to pivot and communicate with agents at the end of an agent chain. Flexibility has also been improved -- agents for new platforms can now be more easily integrated with the existing product, and support for binary plug-ins and code gives the product the ability to spot payloads dynamically created in runtime, or inserted as part of a customized exploit.