Advanced Bundle - Core Impact & Cobalt Strike

Exploitation of Multiple Vectors:

Core Impact is an easy to use penetration testing tool that exploits security weaknesses associated with networks, people, web applications, endpoints, Wi-Fi, and SCADA environments. It expands the capabilities and productivity of pen testers, and automates repetitive and time consuming exploitation tasks.

Core Certified Exploits:

Core Security experts carefully develop and thoroughly test exploits, regularly updating and adding new exploits to Core Impact for different platforms, operating systems, and applications. In order to create the most comprehensive and trustworthy exploit library on the market, we work with third-party cybersecurity vendors to provide specialized exploit packs for various environments. Users can also import their own exploits. 

Powerful Encryption:

Core Impact utilizes robust cryptography to fully encrypt the keys used to protect the command and control communications between agents and/or workspaces.

Watermarked, Self-Terminating Agents:

Each build of Core Impact is unique and includes a watermark to aid in the identification of each distribution, and all agents deployed from it. This watermark provides forensic confirmation that these are legitimate testing agents and not from a malicious source. Additionally, all agents deployed from Core Impact are set to self-terminate, ensuring that no potential backdoors are left behind.

Remediation Validation:

Core Impact stores previous testing sessions, which can be quickly and easily rerun in order to validate that remediation efforts, such as new compensating controls, are effective.

Integrations:

Core Impact users can import third-party scanner data, and automatically validate vulnerabilities identified within those scans to provide a prioritized list of potential targets to test. Integrations with other pen testing tools like Metasploit, PowerShell Empire, and Plextrac further centralize testing environments.

Reconnaissance for Client-Side Attacks:

Cobalt Strike’s system profiler maps a target’s client-side interface your target uses, gathering a list of applications and plugins it discovers through the user’s browser, as well as Internal IP address of users who are behind a proxy server

Post-Exploitation:

Beacon is Cobalt Strike’s post-exploitation payload to model an advanced actor. Beacon executes PowerShell scripts, logs keystrokes, takes screenshots, downloads files, and spawns other payloads.

Covert Communication:

Beacon’s network indicators are malleable, using asynchronous “low and slow” communication pattern. Load a C2 profile to look like another actor. Use HTTP, HTTPS, and DNS to egress a network and resist blocking. Use named pipes to control Beacons, peer-topeer, over the SMB protocol.

Attack Packages:

Use Cobalt Strike to host a web drive-by attack using java applets or website clones. Transform an innocent file into a trojan horse using Microsoft Office Macros, or Windows Executables.

Browser Pivoting:

Use a browser pivot to go around two-factor authentication and access sites as your target. This man-in-the-browser attack will hijack a compromised user’s authenticated web sessions with a proxy server that injects into 32-bit and 64-bit Internet Explorer. Use the proxy server to inherit cookies, authenticated HTTP sessions, and client SSL certificates.