Wednesday, July 21, 2010

Core Impact Pro: Penetration testing framework


Needless to mention how useful metasploit is being for security world. Who ever you are, either a script kiddie or a seasoned professional metasploit got something for you to learn from. For those of you new to metasploit, its a framework with useful tools for penetration testers, Intrusion detection system signature developers, security professional or just some one to learn hacking in a simulated environment. Metasploit's main aim is to provide more updated information on exploit techniques and to create a functional knowledge base for exploit developers and security professional. Though the tools and techniques provided are there for ethical testing reasons, there are instance where can anti social elements may use this information to create an attack vector.
Today CORE IMPACT joined hands with Metasploit to come up with an updated commercial security framework called CORE IMPACT Pro. It obsoletes the need for having two scanners for same function. The upcoming framework can expect to have some of the coolest functionalities like Meterpreter plugin which allows clients to easily deploy IMPACT Pro Agent onto any machine that they have gain access to via Metasploit. And for those customers who simply want to run Metasploit alongside IMPACT Pro, they can now have the Attack and Penetration Wizard call and run Metasploit’s db_autopwn feature directly from our product.
Project manager Alex Horan wrote in his blog
This standard language for communicating information about a machine – and the actual vulnerabilities present on that machine – allows any system that can report or act on such information to more easily understand the results of an IMPACT Pro test.  Also count among the new methods of exporting data from IMPACT Pro our added delivery of an integration with vulnerability assessment specialist Qualys’ PCI Connect SaaS Platform. And for our friends who work in the public sector, the change of agent encryption to the AES standard will also prove handy for those specifically bound by FIPS-140.
Supplementing these additions driven directly by my time spent talking to people working to secure their environments or measure the security of their environments are the IMPACT Pro usage stats that a growing number of our customers have chosen to share with us in an anonymous fashion.
By analyzing this data we’re beginning to draw some interesting conclusions about just how people utilize IMPACT Pro and that state of the world as seen by penetration testers using the product.
With IMPACT Pro v10 we began sharing this data back to those customers who are sending their testing information to help them better understand how their testing practices and results stack up compared to the rest of the participating customer community.
With v10.5, we’ve now added the ability for organizations to tell us what industry that they belong to – so now you use this feature to see just how you compare to other IMPACT Pro users from within your specific area of business.
Among the updates to IMPACT Pro v10.5 are:
  • Integration with the Metasploit penetration testing framework: this new integration offers users of the two systems the ability to utilize Core's commercial-grade, automated solution - with its massive library of professionally developed exploits, easy-to-use interface, and in-depth reporting capabilities - directly alongside Metasploit.
  • Integration with Qualys PCI Connect SaaS (News - Alert) platform: With this customers can now address PCI DSS Requirement 11.3 - which directs merchants to perform in-depth penetration testing on a frequent basis - and run IMPACT Pro's PCI Vulnerability Validation Report to complete their Self Assessment Questionnaire (SAQ) within the QualysGuard PCI Connect interface
  • Support for the Security Content Automation Protocol (SCAP): this moves incorporates CVE, CVSS, CPE data into its reports and is also able to export the data in XML format for use in centralized security databases
  • Enhancements to the CORE IMPACT Dashboard and Usage Statistics: this adds a range of improvements to its Dashboard interface, including more intuitive presentation of product usage statistics
  • Use of the AES encryption standard for IMPACT Agent communications: AES encryption for interactions carried out between the product's Console and any IMPACT Agents deployed on systems while undergoing penetration tests.
  • Microsoft (News - Alert) Windows 7 64-bit support
Besides its new functionality, it also allows you to see your network, endpoint, email-user and web application security as an attacker would. With IMPACT, you can:
  • pinpoint exploitable OS and services vulnerabilities in network and endpoint systems
  • measure end-user response to phishing, spear phishing, spam and other email threats
  • test web application security and demonstrate the consequences of web-based attacks
  • distinguish real threats from false positives to speed and simplify remediation efforts
  • configure and test the effectiveness of IPS, IDS, firewalls and other defensive infrastructure
  • confirm the security of system upgrades, modifications and patches
  • establish and maintain an audit trail of your vulnerability management practices
  • schedule tests to run automatically on a recurring basis
Source: