A Look Inside Core Impact

We have reviewed, tested, and played with many products and applications over the years, but none of them compare to CORE IMPACT. From the moment you purchase the product, to the first time you get a shell on a vulnerable system, you are constantly being made aware of the fact that CORE understands security. We are not talking about flashy marketing tactics, but instead real security that is implemented to both mitigate real security related risks and exploit real system and application vulnerabilities.

In this section we are going to review/examine how a person can use CORE IMPACT to test for and take over vulnerable systems. As you will see, it is possible to gain root command line to a target system with only a few clicks of a mouse. Fortunately, this program isn't available for just anyone — with a yearly subscription price of $15,000 for the limited (8 IP addresses at a time) version and $25,000 for the unlimited version, it is highly unlikely that you will find this product in the hands of your neighbor’s kid.

So, what do you get for the price tag of $25,000 each year? Well, first and foremost you get a top notch product that not only does a quick job of finding vulnerabilities and exploiting them, but also does it in a nice GUI environment that almost anyone, from newb to expert, can use efficiently. To keep this product updated and working as expected, CORE Security employs roughly 120 people — 60 of which are the hardcore developers who are incorporating newly released vulnerabilities and exploit code into their software. The remaining 60 people deal with the normal overhead, sales, etc, with a few taking care of the 400 VMWare based systems that are used for testing of exploits to ensure there are no unexpected crashes or bugs. With this many people working on the program, it makes sense that the cost might be a bit higher than most other similar solutions that only have a fraction of that number on their product development team.