Client Side RPT
In contrast with traditional remote exploits, which target services that the penetration tester can see over the network or Internet, client-side exploits target applications running on users' workstations. Because these applications are under the control of the end-user and do not actively listen on the network, successful exploitation typically requires some form of end-user interaction. This interaction might entail the end-user opening an email attachment, clicking on a specially crafted URL, or browsing to a specific website. Convincing the end-user to perform the required action is often more dependent on social engineering than on technical expertise. For example, many contemporary attacks such as phishing and some email viruses require user interaction, even though they are designed to exploit a technical vulnerability such as a buffer overflow.
Core Impact's client-side exploits are an excellent representation of these attacks. The Client-side RPT allows you to simulate a social engineering attack by sending email to your community of users. You can tailor the tests to appear legitimate, but they will initiate an attack on any user's computer should the user follow an action prompted by the email contents. The RPT begins by scouring the Internet, your intranet, or any other specific web site for email addresses that match a domain of your choice, just as an attacker might do. The test will also look for documents and search within them and their metadata to find data that could be used to craft a client-side attack. With the Client-side RPT, you can learn a) how prevalent your users' email addresses are on the Internet, b) how careful your user community is when they receive email, c) how vulnerable their desktop computers are to known exploits, and d) how effective your antivirus, email filtering, content filtering, intrusion prevention and intrusion detection policies are.
If you want to use a means other than email to deliver a client-side attack, see the Decoupling the Attack Vector from the Exploit Mechanism section.
Follow these links to learn about the different Client-Side testing steps: