During the course of 2012 we created a few new teams internally with the goal of ensuring we were providing maximum value to our customers as effectively as possible. Two of those teams were the Exploit Effectiveness Team and the L3 Team for Impact (one exists dedicated to Insight as well).
The Exploit Effectiveness Team is tasked with identifying changes in Impact that would make the product more likely to effectively exploit any risk present in an environment. While you would expect them to be focused on the exploit modules they actually spend a lot of their time analyzing the usage stats that are submitted by those users of Impact who have enabled their copy’s to provide that anonymous data to Core (and may I say again a big thank you to those of you who have; the data is extremely valuable). Some of the larger pieces that have come from this group include the new exploit sorting by vulnerability announcement date in the Network Attack and Penetration wizard; continued AV evasion updates; the AV evasion shell for windows and a host of other improvements.
The L3 team has a simple goal; take a customer request (via support or an account manager) and if they can produce the feature in four weeks of work or less (design, coding and QA) they produce it. If they cannot they pass this request to myself and I then try and get it on the product roadmap.
As a result we now have three groups providing updates to Impact; the Exploit Writing team being the third. As a result we are releasing a lot more functionality and value between new versions of the product than we ever have in the history of the Impact product line.
With that lengthy introduction, I am pleased to announce the availability of CORE Impact v2013 R1.1 for our customers. This update builds upon the powerful 2013 R1 release and adds more than 50 new updates to the product. All customers can update to the new version from 2013 R1 by simply performing a "Get Updates" from within their copy of Impact.
So what have we added in this new version? Well the 50+ updates break out into the following:
- Ability to import the results of a Cenzic web app scan
- Ability to import the results of Microsoft Baseline Security Analyzer scan
- Ability to import the results of a ACAS Nessus scan
- Ability to learn the details of the AV client present on a compromised windows box
- Updated the supported versions of the Foundstone/MVM importer
- Updates to the:
- SNMP Verifier module
- Network discovery UPnP module
- x86-64 support
- Client Side Attack and Penetration Wizard
- Vulnerability Scanner Validator Wizard
- Fake Access Point module
- Access Point Discovery Module
- 25 new exploits
- 7 updates to existing exploits
- Additional maintenance and bug fixing modules.
So how does this make Impact (and your job better?) – with the increased support for more 3rd party scanners we can now import and validate results than ever before. This enables you to eliminate the noise from the results and concentrate only on the critical vulnerabilities that present proven risk to your environment. Wizard improvements are designed to ensure you are presented with the right information at the right times. And the constant flow of exploits from our full-time internal Exploit Writing Team ensures you always have the largest number of weapons in your arsenal.
What next, work is already underway on the next release, and I am confident we will produce more of the capabilities and techniques that our customers need and will derive value from. If you’d like to talk about the roadmap drop me a line!
Alex Horan – Impact Product Manager
To learn more about CORE Impact click here http://www.coresecurity.com/penetration-testing-overview