Core Impact Library
Core Impact Training and Help
Core Security have some excellent content and services, most of which are available from their web site, from Core Impact Training, to Core Impact documentation, to Core Impact videos, all arranged in ways that make sense for them, not necessarily to you.
Here we bring everything Core Impact related together in one place, hopefully organised in a way that makes sense to you.
Core Impact Support
With your subscription you get upgrades to the platform, updated exploits, and access to the Support team.
The Support team can be contacted in the following ways:
Note that you will need to register for the support portal before you use it, and that a human reviews the application, so it takes a few hours. It is suggested that you register for support before you need access.
You will also find copies of useful product documents here, and sample report outputs here.
Core Impact Training
There are several options available for training, ranging from formal courses, to video tutorials.
Formal Courses
Core offer a number of formal courses, some classroom led, some eLearning; many of the eLearning ones are free. If you are interested in any of the paid courses, please talk with your S4 account manager.
Core have now made the Core Impact training available to anyone who registers. This content is evolving rapidly, and is of great quality. This page explains how to register.
Video Tutorials
There are a number of tutorials put together by different people. As an introduction you cannot go far wrong with the sales demo, which is here: https://s4applications.uk/core-security/core-impact-demo/
If you want more detail then the support guys put together some videos in 2017 that walk through the 4 key areas of the product.
Name | Comment | Link |
---|---|---|
Network Attacks | Shows the general process for performing a network penetration test. | https://youtu.be/sG0RUg8SKRo |
Web Application Attacks | Shows the general process for performing a web application penetration test. | https://youtu.be/F42sDsbAaiQ |
Client Side Attacks | Note: this area of the product was heavily revised and the 2018.1 release webinar covers this area better. Shows the general process for performing phishing attacks. | https://youtu.be/eLsERrx8wmE |
WiFi Attacks | Shows how to use the 2 different hardware devices that are supported to perform network attacks. | https://youtu.be/fQQthm26w8o |
Version Release Materials
Name | Comment | Link |
---|---|---|
Release 2018.1 Webinar | Shows the new phishing functionality that was released in the 2018.1 release. | https://youtu.be/cC1a204cDEc |
Release 2018.2 Webinar | Lots of new features in the 2018.2 release, so much so that it gets its own page, link to the right. | https://s4applications.uk/core-security/impact-2018-2-release-video/ |
2019.1 Materials | A number of guides to help get you started with the product | https://s4applications.uk/core-security/2019-1-materials/ |
Roadmap sessions
Core delivered a product roadmap in October 2019 which discussed many features that will be delivered in the 2020 release. This session is available here: Roadmap 2019-10
Core Impact Tips And Tricks, from S4
Name | Comment | Link |
---|---|---|
6 steps to running a pen test | Start watching now to hear from Andy Nickel and learn the six fundamental steps of running a network penetration test. | https://youtu.be/tMJo9iG5QhY |
Understanding Agent Types | Understanding Agent Types in Core Impact: Discover the Pros + Cons. In this webinar, Matt Ducoffe will explain the usage and benefits of temporal agents to customers who traditionally like to run campaigns and make agents persistent. He will also explain the different settings and types of agents available to Impact users for best practices. | https://youtu.be/Ou2ItmqVJvI |
Lazy Pen-Tester Tips and Tricks | Does the thought of having to spin up single engagement items like infrastructure, domains, and certificates fill you with dread? If so, we’ve got some good news. In this webinar, we’ll show you how you can leverage Impact’s scripting capabilities to build custom setup workflows to make your engagements go more smoothly and efficiently. | https://youtu.be/u725TX_hnhM |
All the Phishes in the Sea | Take a deeper dive into some of the key release features of Core Impact 18.1. | https://youtu.be/to3YOvCgzbQ |
Customizable Reports with Core Impact | Learn how to use the customizable reports functionality available in Core Impact. With this you will be able to fully customize the spreadsheet by determining what you’d like to include, or exclude, in your report. This is very handy as a way to integrate Impact results directly with the tester process and reduce the required time to integrate findings with other tools or manual testing that may occur. | https://youtu.be/LoXHszC55gg |
Beyond the Initial Compromise | | https://youtu.be/yKYCjC2vRLM |
Restricted environments | In this video an experienced pen-tester will walk users through cool features and unique ways to use Core Impact during testing, such as: demonstrating how to set up DNS channels for agent communications; downloading and running PowerShell scripts even when compromised devices do not have internet connectivity; how to utilize the agentless WMI testing capabilities to make your tests even more stealthy; and much more. | https://youtu.be/IZRLWCOQGTM |
Lateral movement | Lateral movement and credential capture | https://youtu.be/reYVzX410Zc |
External pivot | Setting up an external pivot with Core Impact. | https://youtu.be/lkWxO_vu0MQ |
Remote interface with Core Impact | Mapping a network interface in a remote agent and setting up a VPN connection | https://youtu.be/ocGrhegUAes |
License Move | Runs for about 1 minute but no sound. Shows a user “de-authorising” the Core Impact product and then “re-authorising” it. This is all done over the Internet (as this is what most people do) but it can be done via email / phone if needed. You will see the email & phone options in the wizards. | https://youtu.be/dgVvC0A1x3k |
Teaming Demo 1 | Teaming is where 2 or more people work on one pen-test. The short video below shows how the Core Impact teaming functionality works. The “Teaming Server” has to be an unlimited license. The “Teaming Client” can be any size license. | https://youtu.be/R4iUyYLY5Ho |
Teaming Demo 2 | Sometimes two heads are better than one. Learn about how Core Impact’s Teaming capabilities allow multiple pen testers to work on the same engagement and share resources, information, and control of compromised systems. | https://youtu.be/fpNNMSdR8ds |
PowerShell with Core Impact | An important piece to note about Impact’s implementation of PowerShell is that it doesn’t require powershell.exe and instead uses the .NET interfaces exposed by the operating system. Because of this, you can expect a stealthy and efficient integration that doesn’t trigger alarms. | https://youtu.be/rDAev_-7xQI |
Pivoting with PCAP with Core Impact | In this quick video, we will show you how the Packet Capture (PCAP) plugin with Core Impact can be installed and used in order to quickly and efficiently improve the speed of information gathering tasks. | https://youtu.be/qIqDoxS9BLw |
DNS Channel & Temporal Agents with Core Impact | | https://youtu.be/TaBHCy54cmM |
Better Pivoting = Better Pen Testing | | https://youtu.be/2WcaF8oLm6c |
End to End Web Application Testing | | https://youtu.be/x0Ewo0phHrg |
Agentless WMI Shells | | https://youtu.be/k1wrvodIPuE |
Basic phishing and privilege escalation against Windows | | https://youtu.be/AlIuxLjwtjw |
Customising reports | A short web page describing how to customise reports. | https://www.coresecurity.com/blog/customizable-reports-core-impact4 |
Privilege Escalation | Impact simplifies the often time consuming process of finding the right privilege escalation exploit by using the privilege escalation RPT. | https://youtu.be/uetJkwNvV7s |
Workspace Management | Core Impact features powerful capabilities to group all data and logs associated with an engagement or project together in a Workspace. | https://youtu.be/lceq5zCIaHU |
Quick Information Module | Core Impact features thousands of distinct modules. Learn how to use the Quick Information display to get access to critical information for your penetration test. | https://youtu.be/CgHL1HfoNog |
Metasploit Integration | Core Impact integrates with the Metasploit Framework to give you access to Metasploit’s network exploits. Learn how to install Metasploit, configure the integration and use it. | https://youtu.be/5e_Clw-VjfY |
Local Information Gathering | Getting an agent on the box is just the beginning. Learn how to use Core Impact’s local information gathering capabilities to develop intelligence on users, services, and networks available from compromised machines. | https://youtu.be/aSWwpqzpcYE |
Connection Methods | Learn the different methods of how Core Impact’s agents can communicate, when to use them, and more. | https://youtu.be/JSyiQ_UU0Uk |
Identity Manager | Learn how Core Impact makes it easy to collect, store, and use user credentials and identities. | https://youtu.be/NKd0JizhMHQ |
Clean Up | Learn how you can quickly clean up deployed agents, as well as redeploy them if necessary. | https://youtu.be/_F1SkvbnZ50 |
Agent Packing | Learn about the flexible options Core Impact provides you for packaging and using our Agent payload. | https://youtu.be/OsPd91rtxB0 |
Attack and Penetration Test | Learn the basics of using Core Impact’s Attack and Penetration Rapid Pen Test functionality to quickly assess a host or network for easy to exploit vulnerabilities with minimal setup and effort. | https://youtu.be/0QRvgIQRHBc |
Core Impact Tips And Tricks, from Core Security
Core have also started to put content on their web site again on this page:
https://www.coresecurity.com/resources. This page includes everything that they have for all of their products. You can select the product of CTS -> Core Impact, or the following links are more useful:
- Core Impact, E courses
- Core Impact, Short Videos