Core Impact Trials
Background
We typically run a Core Impact trials in 2 phases; phase 1 is the training phase where we try to get you skilled up on the product, and phase 2 is where we send you the software the on-site where you can practise the skills that you have learned.
Phase One - Training on the sandbox
Here we give you access to trial Core Impact using a sandbox environment (on Azure), this has the following benefits for everyone:
- Everything is provided for you, you don't need a test network or a machine to install Core Impact on
- You connect to the Impact machine on Azure using remote desktop
- If anything gets broken, nobody cares
- We can easily get remote access & screen sharing to help with training
- We also give you access to the training course to help get you skilled up
We typically run trials for 1 week and in reality, you will need two days within that 1-week period to do your testing; there is a lot to look at.
We need about 3 days to get this arranged for you.
Phase Two – On site trial
To run a Core Impact trail on your site, you will need a machine to put Core Impact on and some suitable, vulnerable target machines. Fully patched Windows 10 is not a good target machine (it is also not representative of a real environment!!!!), so think old Windows, old Linux or possibly an image like Metasploitable that has known vulnerabilities on it.
Before you start, we will ask you to give some thought to what your objectives are, and talk them through with us. Just putting the software on your network, and running the wizard to “see what happens” is not really a good idea for many reasons. This phase is a lot more work for you, and us, so we like to understand the plan.
If you want to know what CVEs Core Impact has an exploit for, they are all listed here: https://www.coresecurity.com/core-labs/exploits To this you can also add the exploits from Metasploit framework too. Further exploits are available with the industry specific Exploit Packs.
We also ask that the Core Impact trial machine can be accessed using Zoom (or similar) so that we can get remote access with your help.
We typically run this for 1 Week and again we need about 3 days notice to get the license. These trial licenses are also only for internal networks with non-routable IPs (RFC1918).