CORE Impact

Why we need security assessment?

In  globalized economy, information is seen as vital to businesses. According to TÜV Rheinland Vietnam’s data privacy department, more than 15,000 records of hospitals were found in the trash every year, with 30,000 passwords of Internet accounts being leaked. 25 people from the business development department of the company switched to rival companies, banks have to paid millions of dollars because of hacking into the trading system and 300,000 fish credit accounts were stolen, some were published on the Web.

Therefore, we should have solutions to minimize the risk of losing information. One of the solutions is assessment, ensure the security and confidentiality of the organization’s information system.

And through automated assessment tools, organizations can quickly, comprehensively and effectively assess vulnerabilities as well as accurately assess the real risk from those vulnerabilities.

Which tool ?

CORE Impact is a product of Core Security, America’s leading security company. Realizing the benefits and efficiency that Core Impact brings, Vietnamese Network Security Joint Stock Company (VSEC) has contacted and negotiated, to become the official distributor of this product in Vietnam.

This is the first and most useful software in the field of vulnerability assessment and penetration testing to proactively verify the risks of information security. CORE Impact helps security experts in identifying APT threats and other complex attacks that could cause a risk to agencies and organizations.

Unlike other security vulnerability management solutions, CORE Impact provides customers with a multidimensional commercial testing tool capable of safely emitting data theft attacks on multiple components of IT system. As a result, the security staffs actively manage and reduce the risk.

Highlights of CORE Impact:

Mechanism of operation:

The CORE Impact installation server will be provided information about integrated networks, endpoints, website applications, mobile devices, end users and wireless networks.

The solution performs automatically, detects target information, and then selects corresponding exploit modes to perform intrusion detection. This helps users do not have to edit many solutions. For advanced users, you can edit the parameters corresponding to each exploit code for testing.

Core Impact operation diagram

After testing successfully, it will give high realistic report:

The following video will provide mechanism of operation of Core impact completely. Link

Outstanding features of Core Impact:

  • Identify weaknesses in web applications, web servers and associated databases–with no false positives
  • Test for all OWASP Top Ten web application vulnerabilities
  • Dynamically generate exploits that can compromise security weaknesses in custom applications
  • Import and validate results from web vulnerability scanners to confirm exploitability and prioritize remediation
  • Assess the consequences of a web application being hacked by linking to a server and network.
  • Gather network information via Network Discovery, Port Scanner, and OS and Service Identification
  • Identify and exploit critical OS, device, service, and application vulnerabilities
  • Replicate attacker attempts to access and manipulate data
  • Leverage compromised systems as beachheads to attack other network resources through VPN and proxy pivots
  • Search for email of users through website structure , documents, searching website, PGP and Whois
  • Send phishing emails
  • Use client-side exploits to test endpoint system security, assess defenses, and pivot to network tests
  • Test security awareness with or without exploiting systems
  • Identify critical exposures posed by mobile devices on your network
  • Evaluate the security of new mobile devices and related web services prior to deployment
  • Access call and text logs, GPS data, and contact entries
  • Protect end users from fraud risk.
  • Assess WEP, WPA-PSK and WPA2-PSK encrypted networks
  • Collect data about the system connected to the network.
  • Conduct man-in-the-middle attacks, intercept wireless transmissions, and insert exploits into relayed traffic
  • Impersonate access points to target Wi-Fi enabled systems
  • Link equipment already occupied with the back-end systems such as network, application or user.
  • Scans network devices in the predefined IP range and collects device information such as manufacturer, model, operating system, etc.
  • Attacks the device through the corresponding vulnerabilities of the device, operating system, configuration, password cracking, …

Core Impact Benefits:

EASY TO do, QUICKLY.

CONCENTRATE dealt with real security risks.

COMPREHENSIVE INFORMATION SYSTEM REVIEW.

Monitor the overall security status of the system through reporting.

Experience the Core Impact!