SecureAuth Enhances Core Impact to Simplify Critical Penetration Testing Tasks

Product update is latest in SecureAuth’s innovation stride, continuing its mission to eliminate identity-related breaches and enable trust

IRVINE, Calif., Oct. 10, 2018 (GLOBE NEWSWIRE) -- SecureAuth, the leader in continuous identity security, announced several updates to its penetration testing solution, Core Impact today at Intersection 2018. Core Impact 18.2 adds the ability to simplify penetration testing for Kerberos Golden Ticket and Silver Ticket identity-based attacks, expanding the options to automate time-consuming, repeatable tasks. The update also offers:

  • Enhanced integration with Burp Suite
  • Support for the Open Web Application Security Project’s (OWASP) top 10 web app vulnerabilities
  • Support for Kerberoast attacks
  • Updated Nmap for information gathering

Tweet This: SecureAuth announces enhancements to Core Impact to simplify critical penetration testing tasks:

Kerberos tickets provide authenticated access to applications and data using Active Directory, which is the foundation of a vast majority of organization’s access control programs. Bad actors can compromise such systems by employing Kerberos Golden and Silver Tickets, along with pre-programmed workflows, giving them unfettered access to an organization’s entire domain: computers, files, folders and, most critical, domain controllers. A Silver Ticket Attack uses a forged service authentication ticket, which can be as damaging as a Golden Ticket Attack.

Core Impact’s new functionality for Golden and Silver Ticket Attacks can trick Active Directory into providing penetration testers with a Kerberos ticket that offers entry into a system, helping to identify these extraordinarily insidious methods to maliciously gain access to systems.

“By using an identity-based attack with a Golden Kerberos ticket, bad actors can gain access to nearly any application and data, and it’s as easy as pushing a button,” said Keith Graham, chief technology officer at SecureAuth. “Core Impact 18.2 simplifies the time-consuming tests that are required without the need to sift through multiple modules and complicated workflows, getting to the root of the problem and reducing this significant risk to organizations.”

Protecting resources controlled by Active Directory greatly enhances the security and protection of an organization’s digital transformation projects, as well as the identities of employees, partners and consumers.

Core Impact is highly robust yet easy-to-use penetration testing tool that enables security teams to identify security weaknesses that can be exploited. It is used to replicate attacks that pivot across systems, devices, and applications to reveal chains of exploits that can open paths to an organization’s mission-critical systems and data. The latest release adds to the updates of version 18.1, which focused on client-side testing, phishing, and social engineering attacks.

In addition, Core Impact now ingests vulnerabilities detected by Burp Suite and can identify and test those vulnerabilities with known exploits, helping organizations find and remediate web application risks. Burp Suite is a graphical web app scanner and tester that is used by most enterprises to test web application security.

Other Core Impact v18.2 features include:

  • Support for Kerberoast identity attacks against Active Directory domain controllers that house all Kerberos tickets in their signed, validated, and encrypted forms
  • Support for Nos. 1-9 of OWASP’s most recent (2017) top 10 application security risks
  • An update to the latest version of Network Mapper (Nmap), a network profiling tool embedded within Core Impact that probes the ports and services of a network’s hosts, such as laptops and workstations, to determine its operating system
  • Support for the current version of Powershell Empire
  • Updated Nessus import support
  • Network IG and A&P module output refresh
  • Latest version of Mimikatz

About SecureAuth
SecureAuth eliminates identity-related breaches through the continuous assessment of risk and the enablement of trust across identities. The company is a leader in access management, identity governance, and penetration testing. SecureAuth’s highly flexible Identity Security Automation platform redefines security through identity making it easier for organizations to prevent the misuse of credentials. To learn more, visit, or connect with us at, Twitter, and LinkedIn.


Contact Data