• Finding addresses in PGP and Whois databases
You can also enter or import your own list of email addresses to test.
Safely emulate phishing and spear phishing threats
With IMPACT Pro, you can either test email-user security awareness by replicating realistic phishing attacks or conduct transparent assessments of client-side security without social engineering. The product includes sample email templates that mimic common phishing threats, and you can create your own custom spear phishing emails that leverage inside knowledge of your organization. IMPACT Pro also takes care of sending the email, giving you options such as selecting an SMTP server or spoofing a specific “from” email address (e.g., the administrative account on your network).
IMPACT Pro’s extensive library of client-side exploits covers threats that target:
• Endpoint applications: e.g., web browsers, email clients, instant messaging, media players, business applications and productivity tools
• Endpoint security solutions: e.g., antivirus, anti-phishing, anti-malware, host-based intrusion detection and prevention systems
• Endpoint operating systems and services: e.g., Windows, Mac, Linux
Created in-house at Core Security by a professional team of experts, the product’s client-side exploits are Commercial-Grade – ensuring that they are current, effective and safe for your network.
IMPACT Pro’s automated capabilities allow you to test an endpoint system against multiple client-side exploits with a single click, adding efficiency and speed to security assessments.
Once you’ve successfully compromised an endpoint system, IMPACT then enables you to determine the ramifications of an actual breach with a number of post-exploitation capabilities (see sidebar).
Sidebar: post-exploitation capabilities
• Gather user names and passwords from endpoint applications
• Take a screenshot of current activity on end-user’s desktop
• Harvest email addresses from mail clients
• Deploy a keylogger that tracks the user’s keystrokes
• Perform a password dump from the user’s web browser
Many of these post-exploitation modules can be run automatically after the target is compromised. You can therefore deploy phishing tests where IMPACT “listens” for email-user clicks for a period of time, automatically launches Commercial-Grade exploits, and collects evidence of successful compromises.
What’s more, IMPACT Pro also enables you to assess your network’s security against multistaged attacks that leverage compromised end-user systems to target OS and services vulnerabilities on backend servers (see reverse).
Pivot to network testing and determine the risks of inside access
IMPACT Pro is the only product to integrate endpoint and network security testing, emulating the multistaged attacks that increasingly
threaten organizations today. With IMPACT Pro’s Network Rapid Penetration Test capabilities, you can leverage any compromised end-user
system as a beachhead from which to launch attacks against backend servers. This allows you to replicate not only the actions of an attacker
who gains network access via a social engineering attack, but also those of a rogue employee or contractor with legitimate network access.
As a result, you’re able to demonstrate how a single compromise can escalate to a large-scale data breach – and get the actionable data you
need to prevent such a breach.
CORE IMPACT Pro includes the following endpoint and end-user reporting capabilities:
• Client-Side Penetration Test Report: a full audit trail of each attack, including the email template sent, exploits launched, test results
(success or fail), and details about compromised systems
• User Report: a report of which links were clicked, when they were clicked, and by whom
In addition, IMPACT Pro offers a variety of other ways to document your security assessments, including visual attack path reports, delta reports,
and PCI and FISMA compliance reports -- as well as multiple network, web application and wireless penetration testing reports.
© 2009 Core Security Technologies and CORE IMPACT are trademarks of CORE SDI, Inc. All other brands and products are trademarks of their respective holders.