Core - Useful links

HOME > CORE - USEFUL LINKS

Core - Useful Links

Core have some great content and services, most of which are available from their web site, all arranged in ways that make sense for them, not necessarily to you.

Here we bring everything Core Impact related together in one place, hopefully organised in a way that makes sense to you.

To keep you on your toes, Core have several portals:

Technical Support

With your subscription you get upgrades to the platform, updated exploits, and access to the Support team.

 

The Support team can be contacted in the following ways:

Community

Core are building out a community web site for users to share content that they have generated amongst themselves based on GIT. It is also a place where Core share content that they have generated outside of the development process e.g. things put together by the consulting team.

 

You can get to the community here: https://www.impactcommunity.io/

Training

There are several options available for training, ranging from formal courses, to video tutorials.

Formal Courses

Core offer a number of formal courses, some classroom led, most are eLearning. Of the eLearning ones, most are free. The courses are described here: https://www.coresecurity.com/content/core-security-training-courses

 

Core have just started to offer the CICP course for free to customers.  Register here: https://www.getfeedback.com/r/46XdfHBi/

 

If you want to have access to the eLearning courses login here: https://coresecuritysupport.force.com/ and navigate to the training tab. You can enrol in the free courses at will.

 

If you are interested in any of the paid courses, please talk with your S4 account manager.

Video Tutorials

There are a number of tutorials put together by different people. As an introduction you cannot go far wrong than with the sales demo which is here: https://www.s4apps.com/core-impact-demo/

If you want more detail then the support guys put together some videos in 2017 that walk through the 4 key areas of the product.

NameCommentLink
Network AttacksShows the general process for performing a network penetration test.https://youtu.be/sG0RUg8SKRo
Web Application AttacksShows the general process for performing a web application penetration test.https://youtu.be/F42sDsbAaiQ
Client Side AttacksNote: this area of the product we heavily revised and the 2018.1 release webinar covers this area better.

Shows the general process for performing phishing attacks.
https://youtu.be/eLsERrx8wmE
WiFi AttacksShow how to use the 2 different hardware devices that are supported to perform network attacks.https://youtu.be/fQQthm26w8o

Version Release Videos

When Core release new versions of the product they sometimes release material describing the content.

NameCommentLink
Release 2018.1 WebinarShows the new phishing functionality that was released in the 2018.1 release.https://youtu.be/cC1a204cDEc

Tips and Tricks Videos

These videos were put together by a number of different team members within Core and cover off different, more advanced areas of the product.

NameCommentLink
6 steps to running a pen testStart watching now to hear from Andy Nickel and learn the six fundamental steps of running a network penetration test.https://youtu.be/tMJo9iG5QhY
Understanding Agent TypesUnderstanding Agent Types in Core Impact: Discover the Pros + Cons

In this webinar, Matt Ducoffe will explain the usage and benefits of temporal agents to customers who traditionally like to run campaigns and make agents persistent. He will also explain the different settings and types of agents available to Impact users for best practices.
https://youtu.be/Ou2ItmqVJvI
Lazy Pen-Tester Tips and TricksDoes the thought of having to spin up single engagement items like infrastructure, domains, and certificates fill you with dread? If so, we've got some good news. In this webinar, we'll show you how you can leverage Impact's scripting capabilities to build custom setup workflows to make your engagements go more smoothly and efficiently.https://youtu.be/u725TX_hnhM
All the Phishes in the SeaTake a deeper dive into some of the key release features of Core Impact 18.1.

Additional info on Core's site here: https://www.coresecurity.com/webinar/63070
https://youtu.be/to3YOvCgzbQ
Customizable Reports with Core ImpactLearn how to use the customizable reports functionality available in Core Impact. With this you will be able to fully customize the spreadsheet by determining what you'd like to include, or exclude, in your report. This is very handy as a way to integrate Impact results directly with the tester process and reduce the required time to integrate findings with other tools or manual testing that may occur.

Additional info on Core's site here: https://www.coresecurity.com/webinar/62449
https://youtu.be/LoXHszC55gg
Beyond the Initial Compromisehttps://youtu.be/yKYCjC2vRLM
Restricted environmentsIn this video an experienced pen-tester will walk users though cool features and unique ways to use Core Impact during testing, such as:
  • Demonstrating how to set up DNS channels for agent communicationsDownloading and running PowerShell scripts even when compromised devices do not have internet connectivity
  • How to utilize the agentless WMI testing capabilities to make your tests even more stealthy
  • And much more
https://youtu.be/IZRLWCOQGTM
Lateral movementLateral movement and credential capturehttps://youtu.be/reYVzX410Zc
External pivot Setting up an external pivot with Core Impact.https://youtu.be/lkWxO_vu0MQ
Remote interface with Core ImpactMapping a network interface in a remote agent and setting up a VPN connectionhttps://youtu.be/ocGrhegUAes
License MoveRuns for about 1 minute but no sound. Shows a user "de-authorising" the Core Impact product and then "re-authorising" it. This is all done over the Internet (as this is what most people do) but it can be done via email / phone if needed. You will see the email & phone options in the wizards.https://youtu.be/dgVvC0A1x3k
Teaming DemoTeaming is where 2 or more people work on one pen-test.
The short video below shows how the Core Impact teaming functionality works. The "Teaming Server" has to be an unlimited license. The "Teaming Client" can be any size license.
https://youtu.be/R4iUyYLY5Ho