Results 1 to 5 of 5

Thread: Any experience with Core Impact?

  1. #1
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    Any experience with Core Impact?

    Does any AO member have experience with Core Impact?

    I was lurking on a different forum the other day and came across an old thread mentioning this software product. I checked out the website and was impressed with the on-paper information. However, I don't want to waste my time bantering w/ their sales people over a live web-demo and I coudln't locate any downloadable trial version.

    So, I'd be curious to read any comments or war-stories re: penetration testing using the Core Impact suite if anyone has some.

    http://www.coresecurity.com/products...pact/index.php

    Appreciation extending beforehand...

    Cheers,
    <0
    Ego is the great Logic killer

  2. #2
    <0

    I went to a demo of Core Impact during a SANS conference in Dec. It is written in Python and maintained with all of the latest public, and some not so public, exploits. It is fast and easy and specifically designed to do exactly what you are interested in, penetration testing. It is very pricey, but it takes a lot of the legwork and tedious labor out of the job.

    Basically it will run a Nessus like scan against an IP range, and tell you what IPs it finds. Then you click (yeah it's all in a GUI) on the target you like and it will scan that IP and list potential exploits. The list showd the exploit it's BUGTraq nimber etc.. You double click on the exploit of ckoice and it whacks the box on the other end. The primary agent runs resident in memory and is fully functional. It works as a back door, a redirector, etc so you can use it to smite other boxes in the network as a jump point. All of the apps run resident in physical memory so clean up is a snap. Then the entire session generates an XML report, from a list of templates and your done.

    They do a good job of keeping it up to date with the most current public exploits and others that their team finds.

    Drawbacks, Price, price, price...Their liscensing scheme is insane, not good unless you are amajor enterprise, maybe a very very busy independent consultant. Also it is loud like you read about, no stealth involved so it will be noticed if you run it against anyone not expecting it.

    Hope this helps
    \"If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principle difference between a dog and a man\" - Mark Twain

  3. #3
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    re: Gump

    Thanks Gump - some good info there.

    Question:

    The exploit code used against targets...is it propreitary for Core Impact or do they use common exploits found in the wild? Regardless of which, is the code 'visible' to the pen. tester and modifiable either before a session (i'm thinking along the lines of NASL) or on the fly even?

    Just curious...I know i could ask the sales people but I'm not curious about sales pitches.

    Thanks again.

    Cheers,
    <0

    [edit: I reread your post Gump and noticed that you already answered my exploit question in terms of how the exploits are gathered. I'm still interested in the second half of my follow-up question though...]
    Ego is the great Logic killer

  4. #4
    <0

    They write all of their own code for the product in PYTHON. During the demo they showed the code but I don't remember if it came with the product or they only gave us a glimpse as part of the demo. Sorry, wish I could be more help here.

    I just looked up some stuff on PYTHON, (sorry I am not familiar with it) and it is a scripting lanuage. So yes the code would be provided and fairly easily altered.

    If I'm out on a limb, programmers help me out here!!!
    \"If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principle difference between a dog and a man\" - Mark Twain

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    thanks Gump

    thanks for your comments Gump. any insight is always better than none - you highlighted some good points.

    I've found a trial copy of 3.2. This should give me a decent example of how the product operates and performs even though I think CI is on version 3.3 now.

    Thanks again.

    Cheers,
    <0
    Ego is the great Logic killer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •