Core Impact Trials
We typically run a Core Impact trials in 2 phases; phase 1 is the training phase where we try to get you skilled up on the product, and phase 2 is where we send you the software the on-site where you can practise the skills that you have learned.
Phase One - Training on the sandbox
Here we give you access to Impact using a sandbox environment (on AWS), this has the following benefits for everyone:
We typically run trials for 2 weeks, with some review calls. In reality, you will need two days within that 2-week period to do your testing.
We need about 3 days to get this arranged for you.
Phase Two – On site
Here you will need a machine to put Core Impact on and some suitable, vulnerable target machines. Fully patched Windows 10 is not a good target machine (it is also not representative of a real environment!!!!), so think old Windows, old Linux or possibly an image like Metasploitable that has known vulnerabilities on it.
We will ask you to give some thought before you start to what your objectives are, and talk them through with us. Just putting the software on your network, and running the wizard to “see what happens” is not really a good idea for many reasons. This phase is a lot more work for you, and us, so we like to understand the plan.
If you want to know what CVEs Core Impact has an exploit for, they are all listed here: https://www.coresecurity.com/core-labs/exploits
We also ask that the Core Impact machine can be accessed using Zoom (or similar) so that we can get remote access with your help.
We typically run this for 1 Week, have 1 workshop session, and again we need about 3 days notice to get the license. These licenses are also only for internal networks with non-routable IPs (RFC1918).
Getting Started on a Trial
Below is a short 8 minute video that will help get you started on the trial.