Guest Blog // Selected Security Content Provided By Sophos
What's This?
02:04 PM
Dark Reading
Dark Reading
Security Insights
Connect Directly

Exclusive: Pwnie Express Evolves The Role Of The Pen Tester

Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life

Pwnie Express is well-known for its penetration testing drop box, the Pwn Plug. Since the creation of the Pwn Plug there have been many evolutions including the Pwn Phone, the Pwn Pad, and the Enterprise Pentesting Appliance (EPA). All of which are amazing products but all required a serious amount of expertise and manual effort to fully utilize.

One of the challenges a pen tester must learn to overcome is the requirement to be at a customer's physical location to perform a test. Of course you could always utilize the customer's VPN, or build your own custom apps, but you'd need approval to allow the outbound connection and you have the time to get it properly set up.

Imagine a world where you could ship a piece of hardware, or have the client download a virtual device instead. What if all the testing setup was just handled for you? You could perform more testing every week, increase the amount of remote testing thereby reducing travel costs, utilize an easy interface to connect back, sniff traffic while off-site, conduct automated assessments, and even be able to perform a remote incident response. This sounds a bit unrealistic.

The team from Pwnie Express has been hard at work making the unrealistic come to fruition. We were able to connect and discuss their latest offering, Citadel PX, which was purpose built to enable a tester to get more done with less effort and travel.

Citadel PX is a Web-based product designed to remotely manage testing sensors. When we asked about the sensors, we learned there were hardware and virtual versions available, built on Ubuntu Server 12.04 and jam packed with pentesting tools.

The sensors support tools natively such as Nessus 5.03 server, Metasploit Pro, Cobalt Strike, SET, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & many more. Pwnie even enables virtual guest machines with the hardware solution, including Backtrack, Qualys, Acunetix, nCircle, and other solutions. The sensors are also hardened per NSA, NIST, DoD, and DISA guidelines, including encrypted volumes for pentest results.

As a pen tester using Citadel PX, you can use the built-in automation, define your own custom automation, or even utilize an on-demand reverse shell capability to get an interactive shell on the device. The system acts somewhat like a simple bot net, polling to the Citadel PX console every 10 seconds for instruction.

When Jonathan Cran, CTO at Pwnie Express, gave me a walk-through of Citadel PX, I saw a slick Rails-based interface with hearty documentation. Some of the cool features that stood out are the ability to grab WiFi results from the integrated hardware, ability to run commands from the remote user interface as tasks for automation, and you can write your own plug-ins using Ruby.

Now breaking into the software and services market, Jonathan Cran commented directly to pen testers that the Citadel PX "bridged testers to remote networks and enabled them to go further, faster, than ever before."

If you're using a service such as Citadel PX, it may prompt security concerns for your customers. Jonathan addressed this, saying, "Citadel PX maintains a secure lightweight connection via SSL, and if necessary, a persistent Reverse SSH shell." He added that "it can support traditional VPN connections as well." Citadel PX can also tunnel through application-aware firewalls and Intrusion Prevention Systems.

Why is this important to you? First, a reduction in travel is clearly a cost benefit to you and your customers while improving your quality of life. Second, the ability to perform increased remote automated assessments in a work week with established customers means you are more attractive from a cost perspective than your competitors.

Citadel PX provides you with an easy user interface to get connected back into your customer's environment. Having the ability to remotely sniff your customer's network is another benefit which evolves the capabilities of the pen tester, enabling them to better understand traffic patterns on the network, and even to perform incident response.

Jonathan explained that during beta testing in a customer's network, the sensors actually detected malware and reported it back to the Citadel PX console. Analyzing attack patterns from that same console enabled Pwnie Express to assist with understanding the attack and which devices were compromised.

Citadel PX is available for purchase here

No security, no privacy. Know security, know privacy.

David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.