Presentation on theme: "Hamde AL Tamimi, Mohammad Ali Qattan, Amira Mosa AL Braim, Rakan Tayseer" (CORE IMPACT). Presentation transcript:

1. CORE IMPACT
Hamde AL Tamimi, Mohammad Ali Qattan, Amira Mosa AL Braim, Rakan Tayseer

2. What is CORE IMPACT?
CORE IMPACT is an automated penetration testing tool. It scans a range of hosts looking for weak points (vulnerabilities) for which it has working exploits. These exploits can then be launched against the vulnerable hosts to attempt to gain access. Having gained access to a vulnerable host, CORE IMPACT can install Agents that provide varying levels of remote access (including directory listing, uploading and downloading files, and so on). It is even possible to use a compromised host to launch new penetration tests against other hosts on the network that may not have been visible in the initial scan. In this way the penetration tester can move from host to host within the compromised network.

3. Cont.
CORE IMPACT thus allows the user to safely exploit weak points in the network, replicating the kinds of access an intruder could achieve and proving actual attack paths that must be eliminated. The product features the Rapid Penetration Test (RPT), a step-by-step automation of the penetration testing process. From the initial information gathering phase to production of the final report, the penetration testing steps within CORE IMPACT can be run completely autonomously. The steps in this process are:
- Information Gathering
- Attack and Penetration
- Local Information Gathering
- Privilege Escalation
- Clean Up
- Report Generation

4. Cont.
Each of the six processes listed above is available as a Wizard in the Rapid Penetration Test window. By following each of them in turn, the average user follows the typical "hacker methodology" recommended by every generic hacker's handbook and can complete a very comprehensive penetration test without recourse to experts or outside consultants. Of course, experts and consultants will also find this tool incredibly useful in their day-to-day work.

5. Information Gathering
There are several types of test, and each has its own way of gathering information:
- Client-Side Rapid Penetration Testing
- Mobile Device Rapid Penetration Testing
- Network Device Rapid Penetration Testing
- Network Rapid Penetration Testing
- Web Application Rapid Penetration Testing
- Wireless Rapid Penetration Testing

6. Client-Side Rapid Penetration Testing
In the case of end-user testing, Information Gathering involves the collection of email addresses to target with phishing, spear phishing or other social engineering attacks. (Instead of sending out thousands of emails at random and hoping a few victims will bite, spear phishers target select groups of people with something in common: they work at the same company, bank at the same financial institution, and so on.) CORE IMPACT offers a number of modules for gathering email addresses of individuals in your organization, or you can enter or import your own list of addresses to test.
Key Capabilities:
- Crawl a website to harvest email addresses published on the site
- Use search engines to locate email addresses for a given domain
- Find email addresses in Pretty Good Privacy (PGP) and Whois databases. (PGP is a popular program used to encrypt and decrypt email over the Internet.)
- Scan a domain for documents and scrape useful information from them, such as email addresses

7. Mobile Device Rapid Penetration Testing
To specify mobile devices to test, you simply enter target device information (such as owner name, email address and phone number) into the CORE IMPACT interface.

8. Network Device Rapid Penetration Testing
If CORE IMPACT identifies the operating system of a target and confirms it to be a network device, it will attempt to collect information about the device. Alternatively, CORE IMPACT includes a Passive Cisco Discovery Protocol (CDP) network discovery module that listens for broadcasts from Cisco devices.
Key Capabilities:
- Fingerprint found devices to determine manufacturer, device model/type, and operating system details
- Determine the interfaces on which the device accepts connections or instructions, including Simple Network Management Protocol (SNMP), Telnet, HTTP, etc.

9. Network Rapid Penetration Testing
The Information Gathering step collects data about the targeted network, typically using the Network Discovery, Port Scanner, and OS and Service Identification modules. Alternatively, you can complete this step by importing information from your network mapping tool or vulnerability scanner.
Key Capabilities:
- Identify the operating system and services running on targeted machines
- Control the IP ranges you want to scan
- Select from a variety of network discovery and port scanning methods, including TCP Connect, TCP SYN (synchronise packet) and Internet Control Message Protocol (ICMP) scans

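The TCP Connect, SYN and ICMP discovery methods named above are what a defender sees on the wire while this step runs. As an added example, not part of the presentation or of CORE IMPACT, the Python below flags sources whose SYN-only probes reach many distinct ports within a short time window; the log lines are constructed in a simplified iptables-like format, and the window and port thresholds are assumed tuning values.

```python
import re
from collections import defaultdict

# Constructed sample log, simplified iptables-like format (not real traffic): 10.0.0.5
# sweeps six ports with SYN only, 10.0.0.7 completes a handshake, 10.0.0.9 pings.
SAMPLE_LOG = """\
1700000000 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=22 FLAGS=SYN
1700000001 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=80 FLAGS=SYN
1700000001 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=443 FLAGS=SYN
1700000002 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=3389 FLAGS=SYN
1700000002 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=445 FLAGS=SYN
1700000003 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=8080 FLAGS=SYN
1700000000 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=443 FLAGS=SYN
1700000000 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=443 FLAGS=ACK
1700000050 SRC=10.0.0.9 DST=10.0.0.20 PROTO=ICMP TYPE=8
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: DPT=(?P<dpt>\d+))?(?: FLAGS=(?P<flags>\S+))?"
)

def parse(log):
    """Yield one dict per well-formed line; absent fields come back as None."""
    for line in log.splitlines():
        if m := LINE_RE.match(line):
            rec = m.groupdict()
            rec["ts"] = int(rec["ts"])
            yield rec

def find_syn_scanners(log, window=10, min_ports=5):
    """{src: sorted ports} for sources whose SYN-only probes cover >= min_ports distinct ports within `window` seconds."""
    syns = defaultdict(list)  # src -> [(ts, port), ...]
    for rec in parse(log):
        if rec["proto"] == "TCP" and rec["flags"] == "SYN":
            syns[rec["src"]].append((rec["ts"], int(rec["dpt"])))
    hits = {}
    for src, events in syns.items():
        events.sort()
        best, lo = set(), 0
        for hi, (ts, _) in enumerate(events):
            while ts - events[lo][0] > window:  # drop probes older than the window
                lo += 1
            ports = {p for _, p in events[lo:hi + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            hits[src] = sorted(best)
    return hits
```

A host that completes handshakes (SYN followed by ACK) or sends only ICMP never accumulates SYN-only probes, so it stays below the threshold.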
11. Wireless Rapid Penetration Testing
CORE IMPACT's discovery capabilities allow users to identify both authorized networks and unauthorized access points. It then profiles any networks discovered by analyzing signal and packet data to measure network strength, determine security protocols, and identify devices interacting with the network.
Key Capabilities:
- Discover both known and unknown Wi-Fi networks and access points
- Gather MAC addresses and service set identifiers (SSIDs) from beaconing machines. (An SSID is the name of a wireless local area network (WLAN); all wireless devices on a WLAN must use the same SSID in order to communicate with each other.)
- Impersonate access points, and fingerprint / harvest information from systems that connect
- Gather information on network strength, security protocols and connected devices
- Scan traffic for streams of sensitive data

12. Attack and Penetration
The same categories as before apply here:
- Client-Side Rapid Penetration Testing
- Mobile Device Rapid Penetration Testing
- Network Device Rapid Penetration Testing
- Network Rapid Penetration Testing
- Web Application Rapid Penetration Testing
- Wireless Rapid Penetration Testing

13. Client-Side Rapid Penetration Testing
In this test, you create an email, associate it with an exploit, and go phishing. The product includes sample templates that simulate common phishing attacks. You can also create your own custom spear phishing emails that reflect inside knowledge of your organization. CORE IMPACT's large library of client-side exploits includes attacks that target endpoint applications, endpoint security solutions, and endpoint operating systems and services. The product also takes care of sending the email, giving you options such as selecting a Simple Mail Transfer Protocol (SMTP) server or spoofing a specific "from" address.
Key Capabilities:
- Create phishing, spear phishing and spam emails from a variety of pre-built templates
- Safely deploy Agents using real-world malware attacks to test end-user system security. (Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.)
- Track who responds to attacks and measure the effectiveness of security awareness programs, with or without exploiting their systems
- Assess data leakage risks by luring users to complete imposter web forms
- Prove the consequences of an end-user security breach by interacting with compromised workstations

14. Mobile Device Rapid Penetration Testing
CORE IMPACT uses real-world attack techniques, including phishing, web form impersonation, fake wireless access points, and wireless man-in-the-middle attacks, to assess end users and their devices. (A man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages passing between the two victims and inject new ones.)
Key Capabilities:
- Phishing: send emails and texts that determine whether employees would fall prey to phishing and spear phishing attacks by clicking through to malicious sites and/or installing untrusted mobile apps
- Web Form Impersonation: assess data leakage threats with phishing tests that include links to web forms designed to capture and record user-entered data
- Fake Wireless Access Points: impersonate valid wireless access points and gather profile information about the connected devices, launching attacks when the device or user requests data from the fake access point
- Wireless Man-in-the-Middle: identify and monitor wireless networks that have either no encryption or WEP-based encryption and observe any connected devices; intercept transmissions and insert attacks that target the connected devices

15. Network Device Rapid Penetration Testing
CORE IMPACT uses dictionary attacks to guess passwords and gain access to network devices. (A dictionary attack is a technique for defeating an authentication mechanism, or for determining a decryption key, by successively trying likely possibilities taken from a pre-arranged list of values called a dictionary.) Once the device is compromised, CORE IMPACT offers various modules to demonstrate the ramifications of the breach.
Key Capabilities:
- Launch dictionary attacks to gain device access
- Retrieve the configuration file of a compromised device and try to crack the passwords in use
- Rename compromised devices
- Demonstrate how attackers could intercept copies of data packets via interface monitoring

16. Network Rapid Penetration Testing
During Attack and Penetration, CORE IMPACT automatically selects and launches remote attacks, leveraging the IP, OS, architecture, port and service information obtained in the Information Gathering step. You can choose to launch every potential attack against each target computer, or you can have the system stop once it successfully deploys a single Network Agent, which carries the attack payload. You maintain full control over which computers are attacked and the order in which exploits are launched. In addition, you can further simplify and speed up tests by excluding exploits that may leave a target service unavailable or take a long time to run.
Key Capabilities:
- Launch multiple attacks at the same time to speed up the penetration testing process
- Interact with compromised machines via discrete Agents that are installed only in system memory
- Run local exploits to attack machines internally, rather than from across the network
- Maintain control over which exploits are applied

17. Web Application Rapid Penetration Testing
CORE IMPACT enables you to test web applications for Persistent Cross-Site Scripting (XSS), Reflective XSS (both for static HTML and Adobe Flash® objects), Remote File Inclusion for PHP applications, SQL Injection, and Blind SQL Injection. (Dynamic web sites face a threat that static web sites don't, called "cross-site scripting" or "XSS".) CORE IMPACT then dynamically creates exploits to prove whether the weak points pose actual threats. If an exploit is successful, CORE IMPACT establishes an Agent that allows you to take a number of actions to reveal at-risk information assets.
Key Capabilities:
- Analyze custom, customized and out-of-the-box web applications for security weaknesses
- Validate security exposures using dynamically generated exploits, emulating a hacker trying various attack paths and methods
- Guess application usernames and passwords with dictionary attacks
- Web Application Firewall (WAF) evasion capabilities
- Demonstrate the consequences of an attack by interacting with web server file systems and databases through command shells and database consoles
- Perform penetration tests without corrupting web applications or running code on targeted servers

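To make concrete what the SQL Injection check above validates, here is an added Python example (not from the presentation or from CORE IMPACT): a login lookup that splices user input into the SQL text, beside its parameterized fix, run against an in-memory sqlite3 table with one constructed row. The tautology string is the classic probe an automated scanner sends to tell the two apart, and the fix is the one a developer applies once the report flags the weakness.

```python
import sqlite3

def make_db():
    """In-memory users table with one constructed row (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_vulnerable(conn, name, password):
    """Splices untrusted input into the SQL text, so input can rewrite the WHERE clause."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None

def login_hardened(conn, name, password):
    """Bound parameters travel separately from the statement; input stays data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None

def check():
    """Run both lookups with the valid password and with the classic tautology probe."""
    conn = make_db()
    probe = "' OR '1'='1"  # turns the clause into ... AND password = '' OR '1'='1'
    return {
        "valid_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "valid_hard": login_hardened(conn, "alice", "s3cret"),
        "inject_vuln": login_vulnerable(conn, "alice", probe),  # True: auth bypassed
        "inject_hard": login_hardened(conn, "alice", probe),    # False: probe is only a string
    }
```

Because AND binds tighter than OR, the spliced clause becomes (name = 'alice' AND password = '') OR ('1' = '1'), which is always true; with bound parameters the same characters are compared literally against the stored password.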
19. Wireless Rapid Penetration Testing
CORE IMPACT determines keys by taking advantage of known weak points in WEP-secured networks. (Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks.) The solution also assesses networks secured by WPA and WPA2 (using a Pre-Shared Key) via dictionary attacks that leverage information from sniffed authentication attempts. (Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed to secure wireless computer networks.) Finally, CORE IMPACT enables you to intercept wireless transmissions and conduct man-in-the-middle attacks.
Key Capabilities:
- Replicate attacks against WEP-, WPA- and WPA2-encrypted networks
- Perform man-in-the-middle attacks, intercept wireless transmissions, and insert exploits into relayed traffic
- Impersonate access points to connect with beaconing systems and test them against remote exploits

20. Local Information Gathering
The Local Information Gathering step collects information about computers that have CORE IMPACT Agents deployed on them. During this step, you leverage Network Agents to interact with compromised computers and gather previously unavailable information about the OS, privileges, users and installed applications. CORE IMPACT can collect information from all deployed Agents or only from those that you specify.
Key Capabilities:
- Browse file structures and view file contents on compromised machines
- View the rights obtained on compromised machines
- Interact with compromised machines via command shells
- Demonstrate the consequences of security breaches by replicating the steps an attacker would take after gaining access to a system
- Extract data from compromised mobile devices, including call, SMS and MMS logs; GPS location; and contact information

21. Privilege Escalation
During the Privilege Escalation step, CORE IMPACT attempts to penetrate deeper into a compromised computer by running local exploits in an attempt to obtain administrative privileges. After Privilege Escalation, you can shift the source Agent to one of the newly compromised systems and cycle back to the initial Information Gathering step, thereby establishing a beachhead from which to run attacks deeper into the network.
Key Capabilities:
- Run local exploits to attack systems internally, rather than from across the network
- Gain administrative privileges on compromised systems
- View the networks to which a compromised computer is connected
- Launch attacks from any compromised system to other computers on the same network, gaining access to systems with increasing levels of security

22. Cleanup
The Cleanup step automatically uninstalls every connected Agent. Agents are uninstalled in post order to support complex Agent chains. In addition, all Agents are automatically uninstalled when the active workspace is closed, regardless of whether the Cleanup step is executed or not.
Key Capabilities:
- Quickly and easily remove all Agents from compromised machines, leaving your network and end-user systems in their original states

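Read as a tree traversal, the "post order" uninstall above means an Agent that was deployed through a pivot is removed before the pivot itself, since the pivot is the control path to it. As an added illustration, not CORE IMPACT's own code, the Python below builds a constructed Agent chain, computes that cleanup sequence, and checks any proposed sequence for the parent-before-child mistake that would strand Agents on the network; the Agent names and tree shape are assumptions.

```python
# Constructed Agent chain: parent -> Agents deployed through it. None stands for the
# local console; "agent-pivot" was used as the source Agent for the inner hosts.
AGENT_TREE = {
    None: ["agent-dmz"],
    "agent-dmz": ["agent-app", "agent-pivot"],
    "agent-pivot": ["agent-db", "agent-ad"],
    "agent-app": [],
    "agent-db": [],
    "agent-ad": [],
}

def cleanup_order(tree, root=None):
    """Post-order traversal: every Agent appears after all Agents reached through it."""
    order = []

    def visit(node):
        for child in tree.get(node, []):
            visit(child)
        if node is not None:  # the console itself is not an Agent to uninstall
            order.append(node)

    visit(root)
    return order

def is_safe_order(tree, order):
    """True if no Agent is removed while an Agent deployed through it is still installed."""
    removed = set()
    for agent in order:
        if any(child not in removed for child in tree.get(agent, [])):
            return False  # removing this pivot would strand its children
        removed.add(agent)
    return True

def stranded_agents(tree, order):
    """Agents left installed by a partial or incomplete cleanup sequence."""
    installed = {a for kids in tree.values() for a in kids}
    return sorted(installed - set(order))
```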
23. Penetration Testing Report Generation
CORE IMPACT generates clear, informative reports that provide data about targeted systems and applications, results of end-user penetration tests, audits of all exploits performed, and details about proven weak points. You can view and print reports using Crystal Reports or export them in popular formats such as HTML, PDF and Microsoft Word.
Key Capabilities:
- Obtain actionable information about exploited weak points, compromised end-user systems, web application weaknesses and associated risks
- Create activity audits to satisfy compliance and regulatory requirements
- Export report content in popular formats that can be easily customized and shared