Perimeter
Guest Blog // Selected Security Content Provided By Sophos
What's This?
6/3/2013
02:04 PM
Dark Reading
Dark Reading
Security Insights
50%
50%

Exclusive: Pwnie Express Evolves The Role Of The Pen Tester

Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life

Pwnie Express is well-known for its penetration testing drop box, the Pwn Plug. Since the creation of the Pwn Plug there have been many evolutions including the Pwn Phone, the Pwn Pad, and the Enterprise Pentesting Appliance (EPA). All of which are amazing products but all required a serious amount of expertise and manual effort to fully utilize.

One of the challenges a pen tester must learn to overcome is the requirement to be at a customer's physical location to perform a test. Of course you could always utilize the customer's VPN, or build your own custom apps, but you'd need approval to allow the outbound connection and you have the time to get it properly set up.

Imagine a world where you could ship a piece of hardware, or have the client download a virtual device instead. What if all the testing setup was just handled for you? You could perform more testing every week, increase the amount of remote testing thereby reducing travel costs, utilize an easy interface to connect back, sniff traffic while off-site, conduct automated assessments, and even be able to perform a remote incident response. This sounds a bit unrealistic.

The team from Pwnie Express has been hard at work making the unrealistic come to fruition. We were able to connect and discuss their latest offering, Citadel PX, which was purpose built to enable a tester to get more done with less effort and travel.

Citadel PX is a Web-based product designed to remotely manage testing sensors. When we asked about the sensors, we learned there were hardware and virtual versions available, built on Ubuntu Server 12.04 and jam packed with pentesting tools.

The sensors support tools natively such as Nessus 5.03 server, Metasploit Pro, Cobalt Strike, SET, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & many more. Pwnie even enables virtual guest machines with the hardware solution, including Backtrack, Qualys, Acunetix, nCircle, and other solutions. The sensors are also hardened per NSA, NIST, DoD, and DISA guidelines, including encrypted volumes for pentest results.

As a pen tester using Citadel PX, you can use the built-in automation, define your own custom automation, or even utilize an on-demand reverse shell capability to get an interactive shell on the device. The system acts somewhat like a simple bot net, polling to the Citadel PX console every 10 seconds for instruction.

When Jonathan Cran, CTO at Pwnie Express, gave me a walk-through of Citadel PX, I saw a slick Rails-based interface with hearty documentation. Some of the cool features that stood out are the ability to grab WiFi results from the integrated hardware, ability to run commands from the remote user interface as tasks for automation, and you can write your own plug-ins using Ruby.

Now breaking into the software and services market, Jonathan Cran commented directly to pen testers that the Citadel PX "bridged testers to remote networks and enabled them to go further, faster, than ever before."

If you're using a service such as Citadel PX, it may prompt security concerns for your customers. Jonathan addressed this, saying, "Citadel PX maintains a secure lightweight connection via SSL, and if necessary, a persistent Reverse SSH shell." He added that "it can support traditional VPN connections as well." Citadel PX can also tunnel through application-aware firewalls and Intrusion Prevention Systems.

Why is this important to you? First, a reduction in travel is clearly a cost benefit to you and your customers while improving your quality of life. Second, the ability to perform increased remote automated assessments in a work week with established customers means you are more attractive from a cost perspective than your competitors.

Citadel PX provides you with an easy user interface to get connected back into your customer's environment. Having the ability to remotely sniff your customer's network is another benefit which evolves the capabilities of the pen tester, enabling them to better understand traffic patterns on the network, and even to perform incident response.

Jonathan explained that during beta testing in a customer's network, the sensors actually detected malware and reported it back to the Citadel PX console. Analyzing attack patterns from that same console enabled Pwnie Express to assist with understanding the attack and which devices were compromised.

Citadel PX is available for purchase here

No security, no privacy. Know security, know privacy.

David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.