Core Security Technologies Simplifies Client-Side Penetration Testing with Updated Core Impact

Company unveils increased customization and automation for testing of defenses; enhanced encryption, authentication, and expanded platform support

Boston, Mass., Dec. 18, 2006 -- Core Security Technologies today announced CORE IMPACT 6.2, an enhanced edition of the company's flagship software product designed to help companies test their network security policies. CORE IMPACT 6.2 includes enhancements that enable organizations to more effectively and efficiently test their security defenses against client-side attacks that rely on social engineering, such as spear phishing and e-mails with malicious content. The new version also features enhanced encryption and authentication capabilities to help testers meet secure communication requirements during penetration tests, as well as expanded target platform support for testing networks with AIX systems.

CORE IMPACT 6.2 introduces new functionality to make it easier for organizations to accurately assess their vulnerability to client-side attacks and to customize, perform, and repeat safe phishing attacks to measure the effectiveness of their security defenses as well as their user security awareness initiatives.

  • E-mail Customization and Automation for Client-Side Exploits that Require Social Engineering: CORE IMPACT 6.2 features new templates that allow security professionals to tailor client-side attacks to reflect the latest social engineering attack trends. Because both content and appearance of communications play key roles in establishing trust to soliciting recipient action in attacks such as spear phishing and e-mails containing malicious attachments, Core Security has enhanced CORE IMPACT so that e-mails sent as part of a client-side penetration test can now be easily customized via new HTML templates. Penetration testers can also now save and reuse e-mail templates across different tests, as well as take advantage of several different existing templates already built into the product. In addition, testers can now automatically send e-mail to a group of targets, with content personalized with particular information about each recipient.

  • Strong Authentication and Encryption for In-Memory Agent: With CORE IMPACT 6.2, Core Security provides additional safety mechanisms to improve the security of the penetration testing process. With this release, IMPACT's in-memory agent can now use strong authentication and encrypted communications without requiring the installation of any additional software on the compromised computer. This provides additional security while minimizing impact to the tested network. Additional new agent capabilities in CORE IMPACT 6.2 include the ability to run a complete system shell from the in-memory agent, and the option of configuring the agent to survive system restarts in cases where the penetration test spans multiple days of work.

  • Increased Target Platform Support: Expanding its current available support for Windows, Linux, Solaris, Mac OS X, and OpenBSD, CORE IMPACT 6.2 now supports testing networks with AIX systems. Extending the industry's most comprehensive penetration testing platform required enhancements in information gathering, the agent, logging and reporting, user interface, and exploit support libraries, including payload generation. Exploits for all supported platforms are updated on a regular basis corresponding to regular IMPACT updates.

CORE IMPACT 6.2 also features additional new enhancements throughout the product, including:

  • Enhanced information gathering: IMPACT's unique Rapid Penetration Test (RPT) now leverages IMPACT's fast port scanning engine to perform network discovery using a variety of TCP ports, improving the chances of successful host detection in situations where network filtering is in place. In addition, a new UDP service identification capability ensures proper identification of active UDP services during the Information Gathering phase.

  • Improved product configuration: Global network settings in CORE IMPACT are now consolidated into a single section within the Options dialog. Proxy and proxy authentication settings for downloading exploit and module updates can now be configured globally, and can optionally be inherited from Internet Explorer's settings.

  • Support for Internet Explorer 7: IMPACT version 6.2 now supports running on systems with IE 7.

CORE IMPACT 6.2 is available immediately at no additional charge for all existing IMPACT customers with a valid current license.

About Core Security Technologies

Core Security Technologies develops solutions that help organizations develop and maintain a process for securing their networks. The company's flagship product, CORE IMPACT, is an automated penetration testing product for assessing specific information security threats to an organization. Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com