Core Impact Architecture

Core Impact delivers the following features within its framework:

A repeatable process for penetration testing: Core Impact supports all the steps needed for a successful network, client side and web applications penetration test. It approaches all phases of a penetration test in an intuitive and usable fashion, and consistently provides the user with an up-to-date view of all information accumulated during the current penetration test.

Flexibility: Core Impact provides a flexible penetration testing framework, capable of adopting methodologies defined by the user and adapting to different target configurations.

Scalability: Core Impact provides a highly scalable penetration testing solution:

Test web applications with up to 200 web pages.
Run client side tests through over 3,000 target email accounts.
Run network tests of up to 8 half-populated class-C networks.

Commercial-grade exploit code: Core Impact provides you with up-to-date support for a wide range of exploits for different platforms, operating systems, and applications, and multiple combinations of versions. These exploits allow you to gain and retain access on the target host or application.

A powerful framework for developing exploits and tools that aid in the penetration testing process: Core Impact's framework enables your team of Information Security experts to develop and customize new or existing tools quickly by providing a mechanism for acquiring and reusing knowledge and experience from successive penetration tests and different penetration-testing teams. When possible, it also enables the creation of exploit code and scripts that are independent of the target operating system or hardware architecture.

NOTE:

Some exploits/tools are platform-dependent due to the nature of the functionality they provide (for example, a 'chroot breaker' module will not work on a Windows system).

Transparent pivoting: Core Impact execution subsystem, together with its agent technology, enables modules to run from intermediate compromised hosts without modification. This powerful capability allows you to seamlessly stage or proxy attacks through intermediate hosts to probe further into the network.

Complete logging of test activities: All of the activities completed within Core Impact's framework are logged and stored in a database for later analysis and reporting.

NOTE:

It is not in the current scope of the product to provide a secure non-repudiable log of all the activities performed by the user (a log that would allow for "auditing the tester"), but it does greatly simplify the reporting and clean-up stages of the penetration test.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
21.6 | 202408120319 | August 2024