Guest Blog // Selected Security Content Provided By Sophos
6/3/2013
02:04 PM
Dark Reading

Exclusive: Pwnie Express Evolves The Role Of The Pen Tester

Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life.

Pwnie Express is well known for its penetration testing drop box, the Pwn Plug. Since the creation of the Pwn Plug there have been many evolutions, including the Pwn Phone, the Pwn Pad, and the Enterprise Pentesting Appliance (EPA). All are amazing products, but all required a serious amount of expertise and manual effort to fully utilize.

One of the challenges a pen tester must learn to overcome is the requirement to be at a customer's physical location to perform a test. Of course you could always utilize the customer's VPN, or build your own custom apps, but you'd need approval to allow the outbound connection and you'd need the time to get it properly set up.

Imagine a world where you could ship a piece of hardware, or have the client download a virtual device instead. What if all the testing setup was just handled for you? You could perform more testing every week, increase the amount of remote testing thereby reducing travel costs, utilize an easy interface to connect back, sniff traffic while off-site, conduct automated assessments, and even be able to perform a remote incident response. This sounds a bit unrealistic.

The team from Pwnie Express has been hard at work making the unrealistic come to fruition. We were able to connect and discuss their latest offering, Citadel PX, which was purpose-built to enable a tester to get more done with less effort and travel.

Citadel PX is a Web-based product designed to remotely manage testing sensors. When we asked about the sensors, we learned there were hardware and virtual versions available, built on Ubuntu Server 12.04 and jam-packed with pentesting tools.

The sensors natively support tools such as Nessus 5.03 server, Metasploit Pro, Cobalt Strike, SET, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, and many more. Pwnie even enables virtual guest machines with the hardware solution, including Backtrack, Qualys, Acunetix, nCircle, and other solutions. The sensors are also hardened per NSA, NIST, DoD, and DISA guidelines, including encrypted volumes for pentest results.

As a pen tester using Citadel PX, you can use the built-in automation, define your own custom automation, or even utilize an on-demand reverse shell capability to get an interactive shell on the device. The system acts somewhat like a simple botnet, polling the Citadel PX console every 10 seconds for instructions.

When Jonathan Cran, CTO at Pwnie Express, gave me a walk-through of Citadel PX, I saw a slick Rails-based interface with hearty documentation. Some of the cool features that stood out are the ability to grab WiFi results from the integrated hardware, the ability to run commands from the remote user interface as tasks for automation, and the ability to write your own plug-ins using Ruby.

Now breaking into the software and services market, Jonathan Cran commented directly to pen testers that the Citadel PX "bridged testers to remote networks and enabled them to go further, faster, than ever before."

If you're using a service such as Citadel PX, it may prompt security concerns for your customers. Jonathan addressed this, saying, "Citadel PX maintains a secure lightweight connection via SSL, and if necessary, a persistent Reverse SSH shell." He added that "it can support traditional VPN connections as well." Citadel PX can also tunnel through application-aware firewalls and Intrusion Prevention Systems.
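A customer hosting such a sensor can check that its outbound traffic matches the 10-second polling described above, and that no other host shows the same fixed-interval callback pattern. The following is an added example, not code from Pwnie Express or the original article; the log format, addresses, hostnames and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(lines):
    """Group connection timestamps by (src, dst, port).
    Assumed line format: '<ISO timestamp> <src ip> <dst host> <dst port>'."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(lines, min_events=6, max_cv=0.1):
    """Return flows whose gaps between connections are nearly constant.

    max_cv is the coefficient of variation (stdev / mean) of the gaps.
    Scheduled polling scores close to 0; human-driven traffic is bursty
    and scores far higher. Both thresholds are illustrative assumptions.
    """
    hits = []
    for key, times in parse(lines).items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((key, round(avg, 1)))
    return hits

def constructed_sample():
    """Constructed log: one sensor polling every ~10 s, one user browsing."""
    t0 = datetime(2013, 6, 3, 14, 0, 0)
    def row(offset, src, dst):
        return f"{(t0 + timedelta(seconds=offset)).isoformat()} {src} {dst} 443"
    jitter = [0.0, 0.2, -0.1, 0.3, 0.0, -0.2, 0.1, 0.0]
    lines = [row(10 * i + j, "10.0.5.20", "console.example.test")
             for i, j in enumerate(jitter)]
    lines += [row(off, "10.0.5.31", "www.example.test")
              for off in (3, 4, 5, 48, 49, 120, 300, 301)]
    return lines

if __name__ == "__main__":
    for (src, dst, port), interval in find_beacons(constructed_sample()):
        print(f"{src} -> {dst}:{port} polls every ~{interval}s")
```

Because the connection is SSL, this works on flow metadata alone; a flagged source that is not an approved sensor is the finding worth investigating.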

Why is this important to you? First, a reduction in travel is clearly a cost benefit to you and your customers while improving your quality of life. Second, the ability to perform increased remote automated assessments in a work week with established customers means you are more attractive from a cost perspective than your competitors.

Citadel PX provides you with an easy user interface to get connected back into your customer's environment. Having the ability to remotely sniff your customer's network is another benefit which evolves the capabilities of the pen tester, enabling them to better understand traffic patterns on the network, and even to perform incident response.

Jonathan explained that during beta testing in a customer's network, the sensors actually detected malware and reported it back to the Citadel PX console. Analyzing attack patterns from that same console enabled Pwnie Express to assist with understanding the attack and which devices were compromised.

Citadel PX is available for purchase here

No security, no privacy. Know security, know privacy.

David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in the latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award-winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg
