Product Overview

REPLICATE REAL-WORLD ATTACKS AND REVEAL CRITICAL

SECURITY EXPOSURES
Core Impact Pro® is the most comprehensive software solution
for assessing and testing security vulnerabilities throughout
your organization.
• Endpoint systems • Web applications and
• Passwords and identities services
• Mobile devices • Network systems and
devices
• Wireless networks

Backed by 15+ years of leading-edge security research and

commercial-grade development, Core Impact Pro allows you
to evaluate your security posture using the same techniques
employed by today’s cyber-criminals.
MULTI-THREAT SURFACE INVESTIGATION
Core Impact Pro is the only solution that empowers you to
replicate multi-staged attacks that pivot across systems,
devices and applications, revealing how chains of exploitable
vulnerabilities open paths to your organization’s mission-critical
systems and assets.
WHAT-IF ATTACK ANALYSIS
Demonstrate and document the severity of exposures by
replicating how an attacker would compromise and interact with
vulnerable systems, and revealing at-risk data.
COMMERCIAL-GRADE EXPLOITS
Core Impact Pro offers a stable, up-to-date library of
commercial-grade exploits and real-world testing capabilities.
Core routinely delivers 30+ new exploits and other updates
each month–all professionally built and tested by in-house
researchers and developers.
TEAMING
Multiple security testers now have the capability to interact
in the same workplace against the same environment across
multiple copies of Core Impact Pro. This capability provides a
common view of discovered and compromised network targets.
REPORTING
Core Impact Pro offers comprehensive, customizable reporting
capabilities.
• Confirm exploitable vulnerabilities to plan remediation efforts
• View metrics that illustrate the efficacy of layered defenses
• Validate compliance with government and industry
regulations
• Remediation validation reporting capabilities
EXCRAFT SCADA PACK ADD-ON PRODUCT
Core Security partners with ExCraft Labs to deliver enhanced
SCADA exploits for Core Impact Pro. The SCADA pack by
ExCraft Labs targets over 50 exploits in various SCADA Systems
that are deployed across many industries. This enhanced pack
is updated with about 10 new exploits on average a month.

RECOGNITION

“With Core Impact Pro, we were able to find several
weaknesses before they became issues. We were also
able to verify which of our network defenses were
performing up to expectations, and as a result our
network is now significantly more resilient.”
“Typical Core Security quality. We have used
this product extensively and never been
disappointed. Best Buy.”
SC Magazine, review of Core Impact Pro

Assistant Vice President, Financial Services

NETWORK PENETRATION TESTING WEB APPLICATION PENETRATION TESTING
• Gather network information and build system profiles • Identify weaknesses in web applications, web servers and
• Identify and exploit critical OS, device, service, and application associated databases–with no false positives
vulnerabilities • Test for all OWASP Top Ten web application vulnerabilities
• Replicate attacker attempts to access and manipulate data • Dynamically generate exploits that can compromise security
• Pause/resume attacks to meet SLA requirements weaknesses in custom applications

• Leverage compromised systems as beachheads to attack other • Import and validate results from web vulnerability scanners to
network resources through VPN and proxy pivots confirm exploitability and prioritize remediation

• Test defensive technologies’ ability to identify and stop attacks • Pivot attacks to the web server and backend network
• Web services testing for web and mobile applications
CLIENT-SIDE TESTING OF END USERS AND ENDPOINTS
• Crawl sites, search engines, etc. for potential target information MOBILE DEVICE PENETRATION TESTING

• Leverage a variety of templates or create custom phishing emails • Identify critical exposures posed by mobile devices on your network

• Use client-side exploits to test endpoint system security, assess • Evaluate the security of new mobile devices and related web
defenses, and pivot to network tests services prior to deployment

• Test security awareness with or without exploiting systems • Access call and text logs, GPS data, and contact entries
• Embeddable Android Agent for Android devices
IDENTITY DISCOVERY & PASSWORD CRACKING
• Discover Windows NTLM hashes and attempt to determine VULNERABILITY SCAN VALIDATION
plaintext passwords for those hashes
Core Impact Pro can import and validate the exploitability of results from
• Discover identities: usernames, passwords, Kerberos tickets/ the following network and web vulnerability scanners:*
e-keys, and SSH keys
• Acunetix® Web • TripWire IP360™
• Utilize learned identities as part of multi-vector tests
Security Scanner • Rapid7 AppSpider
• Automatically take control of systems via weak authentication
• Retina® Network
manually or with the rapid penetration test wizard (RPT) • Rapid7 Nexpose
Security Scanner
• Qualys QualysGuard®
• GFI LANguard™
WIRELESS NETWORK PENETRATION TESTING • SAINTscanner®
• HP Web Inspect®
• Assess WEP, WPA-PSK and WPA2-PSK encrypted networks • Tenable Nessus®
• IBM AppScan®
• Conduct man-in-the-middle attacks, intercept wireless • Tenable Security Scanner®
transmissions, and insert exploits into relayed traffic • IBM Internet Scanner®
• Tenable SecurityCenter™
• Impersonate access points to target Wi-Fi enabled systems • Lumension® Scan
• Trustwave App Scanner
• Portswigger Burp Suite
SURVEILLANCE CAMERA ATTACKS • McAfee® Vulnerability Manager
• Testing teams can identify whether a host on their network is a
camera and then test it for vulnerabilities *A vulnerability scanner is not required to use Core Impact Pro®
• Ability to prove camera vulnerabilities by taking a still shot of the
video feed, or accessing the camera’s administration interface
• Testing video cameras using can be done manually or with the
RPT wizard

THINK LIKE AN ATTACKER™ CORE SOLUTIONS EXPERIENCE

By modeling, simulating, Core Security helps more Our patented, proven,
and testing what an than 1,400 customers award-winning enterprise
actual attacker could do, worldwide identify the products and solutions
Core Security’s Attack most vulnerable areas of are backed by more
Intelligence Platform their IT environments— than 15 years of applied
can help you focus on to improve remediation expertise from Core Labs
addressing the most likely efforts and ultimately research and Core Security
threats to your critical secure the business. Consulting Services.
business assets.

blog.coresecurity.com | p: 617-399-6980 | [email protected] | www.coresecurity.com

© 2015 Core Security Technologies & Core Impact Pro are trademarks of Core SDI, Inc. All other brands & products are trademarks of their respective holders.