Blog
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)
By Ricardo Narvaja on Mon, 09/09/2024
In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...
Guide
Guide to Creating a Proactive Cybersecurity Strategy
Cyber attacks are common, with 89% of companies experiencing an attack in the last 12 months*. It’s time to stop asking if attacks will occur and start asking if you can stop attacks from being successful. One of the best ways to answer this question is by employing a proactive security program. Using assessment and testing to harden your cybersecurity measures, proactive security: Uncovers...
Quote
Get Custom Penetration Testing Services Pricing
Find Your VulnerabilitiesCore Security's Security Consulting Services (SCS) simulates trending and new cyber threats to uncover security weaknesses, comply with regulatory compliance standards, and strengthen your security landscape. See how affordable pen testing can be, complete the form and get a customized quote from our experts based on your security needs.Get More With Security Consulting...
Guide
How to Use Upskilling and Reskilling to Scale Your Cybersecurity Team
The cybersecurity skills shortage is not just an ongoing inconvenience—it is a serious vulnerability that can be exploited by attackers. But how can organizations go about patching this gap while the talent gap endures? The answer lies in leveraging the resources you already have on hand: your existing workforce. How do you transform your existing personnel to meet today’s cybersecurity demands?...
News Article
The AI Journal: From Criminal Pastime to Cybersecurity Tool
Thu, 03/14/2024
Ethical hacking has become one of the most powerful tools for preventing cyber threats. Kyle Gaertner spoke with The AI Journal about the tool's importance.
Guide
Fortra's Complete Guide to Layered Offensive Security
Most organizations have a decent understanding of the types of defensive security tactics they need to employ to thwart cyberattacks. But offensive security techniques are just as important for detecting existing vulnerabilities that a threat actor has yet to discover and exploit.
Learn how to approach offensive security from the ground up, including the value of using a layered security...
Datasheet
How Fortra Supports the Zero Trust Journey
What Zero Trust means, tips for getting started, and how Fortra solutions support your Zero Trust security journey.
Datasheet
Advanced Red Team Bundle
Core Impact, Cobalt Strike, and Outflank Security Tooling (OST) are three powerful security solutions that use the same techniques as today’s threat actors in order to safely evaluate organizational infrastructures and provide guidance on closing security gaps, enhancing defenses, and creating more resilient security strategies.
Core Impact is an automated penetration testing tool, typically...
On-Demand Webinar
Fortra’s Penetration Testing Solution for Offensive Security
By Nick Hogg
Cybersecurity is no longer a one-dimensional, defensive only mind-set. Attacks have become multi-pronged and organizational security solutions also need to act offensively. Proactive, layered offensive security should include multiple security solutions, including penetration testing, to uncover security risks before they’re exploited.
Fortra’s Core Impact enables security teams to go on the...
On-Demand Webinar
Fortra’s Vulnerability Management Solutions for Proactive Security
By Nick Hogg
Cybersecurity needs have grown well beyond antiviruses and firewalls. Proactive, offensive security measures are crucial to help avoid the damaging effects of an attack, including customer and credibility loss, compliance penalties, and expensive corrective security actions.
Fortra Vulnerability Manager, formerly Frontline VM, and beSTORM Dynamic Application Black Box Fuzzer can save your team...
Infrastructure Protection & Data Security Solutions
Protect business-critical data with automated security solutions that help you stay ahead of today's ever-changing threats.
News Article
e-ChannelNews Interview with Mark Bell: Core Security Releases New Ransomware Simulator
Following the release of Core Security’s Ransomware Simulator, Mark Bell, Managing Director of Infrastructure Protection at Fortra, shares vulnerability management best practices and more in an interview with e-ChannelNews.
Quote
Get Custom Pricing for the Offensive Security - Essentials Bundle
Build and enhance your offensive security program with this foundational security testing bundle that features both a powerful vulnerability management solution, Fortra VM, and an advanced penetration testing tool, Core Impact. Though these tools provide distinct ways to identify and prioritize security weaknesses, they are even more powerful when integrated together.
Pairing Fortra VM and Core...
Press Release
Forta's Core Security Introduces New Ransomware Simulator
Core Security by Fortra, a leading provider of cyber threat solutions, today announced the addition of ransomware simulation to its penetration testing solution, Core Impact. Using an automated Rapid Pen Test, Core Impact users can now efficiently simulate a ransomware attack.
Demo
Watch a Demo of Core Impact
Core Impact allows organizations to easily and efficiently conduct penetration tests, using the same techniques as today’s threat actors to assess the security of an IT environment. With an intuitive interface, security professionals can easily uncover and safely exploit security weaknesses, minimizing risk and protecting critical assets.
Core Impact can be used across vectors and helps...
On-Demand Webinar
Fortra Champions chat about IBM i
In this video, Tom Huntington (Executive Vice President of Technical Solutions), Robin Tatam (Director of Security Technologies), and Amneris Teruel (Senior Expert specializing in IBM i) discuss the current state of IBM i and give their opinion on topics such as Security, Automation, High Availability and Cloud, among others.