Penetration testing for mobile phones
Posted on 04 August 2011.
Core Security announced the Core Impact Pro v12 penetration testing software, a commercial-grade solution that pinpoints security exposures in Android, BlackBerry and iPhone mobile devices to help prevent the theft and compromise of sensitive enterprise data accessible deeply within them.

The solution significantly advances the use of the community-developed Metasploit Framework through features that meet strict enterprise requirements for effective use of open-source exploits. Metasploit Framework exploits effectively supplement Core Security’s vast library of commercial-grade exploits.

Additionally, Core Impact Pro now supports IPv6 environments, provides assessment capabilities for all OWASP Top Ten Web application vulnerabilities, and establishes VPN pivots on Windows and Linux systems.

The solution assesses the real-world security of Web applications, network and endpoint systems, mobile and network devices, wireless networks, email users and information security policies. The penetration testing software solution safely replicates a broad range of threats.

New mobile device penetration testing capabilities include:
  • Evaluate Android, BlackBerry and iPhone mobile device security, prior to deployment
  • Identify and prove critical data exposures as deeply as criminals could (retrieve phone call, SMS and MMS information, download contacts, gather GPS location data)
  • Assess end-user security awareness using common social engineering techniques (phishing emails and texts, Web form impersonation, fake wireless access points, wireless Man-in-the-Middle attacks)
  • Gain actionable data and reports on mobile device security

Advanced usage of Metasploit exploits:
  • Run Metasploit Framework exploits through any pivot point to remotely launch exploits against compromised systems, regardless of where they fall on the attack path revealed during testing
  • Increase testing scope to reflect a broader range of attacks by selecting and identifying Metasploit Framework exploits using built-in selection capabilities
  • Deploy Core Security’s agent payload to take advantage of advanced post-exploitation and pivoting capabilities, based on exploits created by either Core Security or Metasploit Framework
  • Encrypt all agent payload communications for penetration testing

Support for OWASP Top Ten, IPv6 and VPN pivoting:
  • Assessment capabilities that address all OWASP Top Ten Web application vulnerabilities, including cross-site request forgery, OS command injection, and unvalidated redirects and forwards
  • Security assessments that can now target and attack systems over IPv6
  • VPN pivoting on both Windows and Linux systems
  • Run vulnerability scanners and other complementary solutions against targeted systems
  • Enhanced anti-virus evasion

