TESTING END USERS AND END-USER APPLICATIONS
The latest SANS Top-20 List of Internet Security Attack Targets includes eight vulnerabilities that are directly tied to end-user systems. This confirms that cybercriminals are targeting end users through social engineering techniques, seeking to directly compromise their applications and operating systems while gaining access to backend networks.
The CORE IMPACT Pro Client-Side Rapid Penetration Test (RPT) makes it quick and easy for you to test both the security of end-user systems and the effectiveness of security awareness programs. Through a series of wizards, the Client-Side RPT guides you through every step of planning and executing email-based social engineering attacks.
Quickly identify social engineering test targets
Social engineering attacks target end-user computers otherwise protected by perimeter defenses. The user must therefore inadvertently expose their computer to attack by clicking on an email link or opening an attachment – or sometimes simply by opening or previewing the email message itself. In the cases of phishing and spear phishing, this begins with acquiring an email address. IMPACT Pro offers a number of modules for gathering email addresses from your organization, including:
- Crawling a website to harvest addresses published on the site
- Leveraging major search engines to locate addresses for a given domain
- Finding addresses in PGP and Whois databases
You can also enter or import your own list of email addresses to test.
Safely launch phishing and spear phishing attacks
With IMPACT Pro, you create an email, associate it with an exploit, and go phishing. The product includes sample email templates that mimic common phishing attacks. You can also create your own custom spear phishing emails that leverage inside knowledge of your organization. IMPACT Pro’s extensive library of client-side exploits includes attacks that target:
- Endpoint applications: e.g., web browsers, email clients, instant messaging, media players, business applications and productivity tools
- Endpoint security solutions: e.g., antivirus, anti-phishing, anti-malware, host-based intrusion detection and prevention systems
- Endpoint operating systems and services: e.g., Windows, Mac, Linux
Created in-house by a dedicated team of security experts, the product’s client-side exploits are Commercial-Grade – ensuring that they are current, effective and safe for your network.
IMPACT Pro also takes care of sending the email, giving you options such as selecting an SMTP server or spoofing a specific "from" email address (e.g., the administrative account on your network).
Assess the consequences of successful social engineering
By replicating real-world attacks, IMPACT Pro allows you to see and report on the potential consequences of a compromised end-user system. While conducting a social engineering test, IMPACT Pro runs a web server that launches your selected client-side exploit when end users click on the email link.
If an IMPACT Pro Agent (the payload of the attack) is successfully deployed, you can interact with the end user’s computer and emulate the type of access an attacker could achieve, including:
- View the local file system and mapped drives
- Upload and download files to and from the computer
- Open and interact with files on the computer
- Take a screenshot of current activity on the computer
- Harvest email addresses from mail clients
- Deploy a keylogger that tracks the user’s keystrokes
- Perform a password dump from the user’s web browser
- Gather user names and passwords from endpoint applications
As a result, you gain indisputable evidence of the threats posed by vulnerabilities on end-user systems.
Determine the risks of inside access
In addition to interacting with files on a compromised end-user system, you can use IMPACT Pro to leverage it as a beachhead from which to run subsequent network penetration tests on other systems in the end-user’s network – without uploading any code to the machine. This pivoting capability enables you to exploit trusted relationships and fully understand the “ripple effect” of threats that can occur when a single end-user system is compromised, replicating the steps attackers actually take.
Monitor end-user response and evaluate security awareness programs
IMPACT Pro records each GET request as users respond to phishing tests, and test results are then aggregated into two reports:
- Client-Side Penetration Test Report: a full audit trail of each attack, including the email template sent, exploit launched, test result (success or fail), and details about compromised systems
- User Report: a report of which links were clicked, when they were clicked, and by whom
Using the reports, you can quickly identify and address gaps in your security awareness programs.
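The "User Report" described above (which links were clicked, when, and by whom) is, at bottom, an attribution exercise over the test web server's request log. The following is an added example of how such a report can be derived, not CORE IMPACT Pro's own code: it assumes a Common Log Format-style access log and a hypothetical per-recipient `t=` query-string token on each emailed link so that a hit can be tied back to the address it was sent to. The log lines and token table are constructed sample data.

```python
"""Aggregate phishing-test web server hits into a per-user click report.

Added example, not CORE IMPACT Pro's own code. Assumes a test web server
that writes one Common Log Format-style line per request, and that each
emailed link carries a per-recipient token in a hypothetical `t=` query
parameter so that a hit can be attributed to the recipient it was sent to.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlparse

# Constructed mapping of per-recipient tokens to the addresses the test
# email was sent to (hypothetical values, not real recipients).
RECIPIENT_TOKENS = {
    "a1f3": "alice@example.com",
    "b7c2": "bob@example.com",
    "c9d8": "carol@example.com",
}

# Constructed sample access log; the last two lines are noise (a favicon
# request and an unknown token) that a report must not attribute to anyone.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2010:09:14:02 +0000] "GET /update?t=a1f3 HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2010:09:15:47 +0000] "GET /update?t=b7c2 HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2010:09:16:10 +0000] "GET /update?t=a1f3 HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2010:09:20:33 +0000] "GET /favicon.ico HTTP/1.1" 404 0
10.0.0.7 - - [12/Mar/2010:09:21:01 +0000] "GET /update?t=zzzz HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, datetime, path, status) for a GET line in the expected
    layout, or None for anything else (non-GET methods, malformed lines)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def attribute_hit(path, tokens=RECIPIENT_TOKENS):
    """Map a request path to the recipient whose token it carries.
    Returns None for hits without a known token (favicon requests,
    scanners, or a tampered token) so they are never counted as a click."""
    qs = parse_qs(urlparse(path).query)
    token = qs.get("t", [None])[0]
    return tokens.get(token)


def user_report(log_text, tokens=RECIPIENT_TOKENS):
    """Build the 'who clicked, when' view: every recipient appears, with the
    sorted timestamps of their clicks (an empty list means they did not
    click, which is the population an awareness program wants to grow).
    Unattributed hits are returned separately for review."""
    clicks = defaultdict(list)
    unattributed = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path, _status = parsed
        user = attribute_hit(path, tokens)
        if user is None:
            unattributed.append((ip, ts, path))
            continue
        clicks[user].append(ts)
    report = {addr: sorted(clicks.get(addr, [])) for addr in tokens.values()}
    return report, unattributed


def click_rate(report):
    """Fraction of recipients who clicked at least once."""
    if not report:
        return 0.0
    return sum(1 for hits in report.values() if hits) / len(report)


if __name__ == "__main__":
    report, noise = user_report(SAMPLE_LOG)
    for addr, hits in report.items():
        first = hits[0].isoformat() if hits else "never clicked"
        print(f"{addr:<20} clicks={len(hits)} first={first}")
    print(f"click rate: {click_rate(report):.0%}; unattributed hits: {len(noise)}")
```

Two design points matter for a trustworthy awareness metric: attribution comes only from the per-recipient token, never from the source IP (shared NAT addresses would otherwise merge users), and unknown tokens are reported rather than silently dropped, since a burst of them can indicate a link being forwarded or a mail gateway pre-fetching URLs, both of which inflate naive click counts.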