The document summarizes the new features in Impact 18.1, which focuses on improving client-side and user testing capabilities. Key updates include dynamic credential capturing from actual websites, more options for temporal agents like setting self-destruct times by workspace or module, automatic tagging of users who click links or enter credentials, redesigned testing workflows, new phishing wizard and email templates, and an upcoming Core Impact customer community for collaboration.
2. AGENDA
• What’s New in Impact 18.1 (High-level)
• Why Focus on Users/Client-Side Testing
• More Detailed Look at 18.1
• Demo
3. • Dynamic Credential Capturing
• Temporal Agent Enhancements
• Updated Status View & New Auto-Tagging
• Re-Designed Testing Workflows
• Import New Email Templates
• Updated Default Email Templates
• New Phishing Wizard
What’s New in Impact 18.1?
Release Focused on Client Side or User Testing
4. Why Focus on Users?
Client Side Testing
• Email is the #1 delivery vehicle for most malware & 1 in 131 emails
contained malware in 20161
• 76% of organizations report being victim of a phishing attack in 20162
• Reports of W-2 phishing emails increased 870% in 20173
• Unfortunately, WE (humans) are the often the weakest link
1 - https://www.symantec.com/security-center/threat-report
2 - https://info.wombatsecurity.com/state-of-the-phish
3 - https://www.bna.com/w2-email-scam-b73014451281/
5. U S E R S I M PA C T A C T U A L W E B S I T E
• Not a clone website
• Don’t have to host - little resources required
• Capture credentials from more modern
websites
Dynamic Credential Capturing
IMPACT18.1
6. Temporal Agent Enhancements
IMPACT 18.1
• Introduced “self-destruct” agent in previous release
• Now adding more options:
IMPACT
AGENT
• Product Level (whole)
• Workspace Level
• Module/RPT Level
Agents left behind could become backdoor paths for attackers
and can unnecessarily drain resources of machines deployed on
7. Updated Status View & Auto Tagging
IMPACT 18.1
Auto Tagging for Further Testing
1. Open & Viewed AND clicked link
2. Open & Viewed, clicked link, AND gave credentials or downloaded and ran attachment
9. Import New Email Templates
IMPACT 18.1
• Reduce time to create
realistic email templates
• Don’t have to know HTML
• Click save to capture any &
template-ize any email
10. Updated Default Email Templates
IMPACT 18.1
• Less templates – spend less
time find one
• Modernized templates –
improved effectiveness
• Modern language & style to
mimic today’s email norms
11. New Phishing Wizard
IMPACT 18.1
RPT Wizard
Attack & Penetration
RPT Wizard
Phishing
RPT Wizard
Phishing
RPT Wizard
Phishing
RPT Wizard
Phishing
• Phishing Wizard buried under
Attack & Penetration Wizard
• Now it’s own & easy to find
13. COMING SOON!
The Core Impact Customer Community
• Real-time chat with other Core Impact
customers as well as various Subject Matter
Experts from SecureAuth + Core Security
• Question and Answer area to ask and
answer questions about using Core Impact
• On-Demand Training area to take multiple
short online training courses on various
Impact topics
• Code Repository where you can post code
for custom modules or find custom
modules others have created