Latest version includes improved UI and advanced macro capabilities Core Security Technologies has unveiled Version 4.0 of Core Impact, its comprehensive do-it-yourself network attack and penetration toolkit. Although the basic engine remains the same, the front end has been significantly enhanced.I’ve been using Core Impact for almost two years now, so I was glad to see Core Security took some of the advice from my last review to heart. Version 4 leverages the product’s macro capabilities to make penetration testing an almost point-and-click affair.The new interface is helpful for both new and advanced users. It categorizes components into logical steps in the attack process, and new exploits — which are updated roughly every week — are easily integrated into the product with a single click. Core has also expanded Impact’s information-gathering tools. As before, exploiting a machine requires the use of agent software that allows for remote execution of commands, just as if you were sitting at the compromised machine’s keyboard. Impact’s main console now shows more reconnaissance information about a vulnerable machine, whereas the command shell running on the remote machine displays many more helpful details during the actual attack. Version 4.0 even makes it easy to move entire folder hierarchies from the vulnerable machine to the local machine during the exploit process.This product is a powerful tool in the hands of an IT security professional and can teach novices just how easy it can be to attack a vulnerable machine. It should be used with at least a modicum of caution, however, and in conjunction with both a strong security policy and a solid vulnerability assessment plan.— Victor R. Garza Technology Industry