Perimeter
Guest Blog // Selected Security Content Provided By Sophos
What's This?
6/3/2013
02:04 PM
Dark Reading
Dark Reading
Security Insights
Connect Directly
RSS
E-Mail
50%
50%

Exclusive: Pwnie Express Evolves The Role Of The Pen Tester

Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life

Pwnie Express is well-known for its penetration testing drop box, the Pwn Plug. Since the creation of the Pwn Plug there have been many evolutions including the Pwn Phone, the Pwn Pad, and the Enterprise Pentesting Appliance (EPA). All of which are amazing products but all required a serious amount of expertise and manual effort to fully utilize.

One of the challenges a pen tester must learn to overcome is the requirement to be at a customer's physical location to perform a test. Of course you could always utilize the customer's VPN, or build your own custom apps, but you'd need approval to allow the outbound connection and you have the time to get it properly set up.

Imagine a world where you could ship a piece of hardware, or have the client download a virtual device instead. What if all the testing setup was just handled for you? You could perform more testing every week, increase the amount of remote testing thereby reducing travel costs, utilize an easy interface to connect back, sniff traffic while off-site, conduct automated assessments, and even be able to perform a remote incident response. This sounds a bit unrealistic.

The team from Pwnie Express has been hard at work making the unrealistic come to fruition. We were able to connect and discuss their latest offering, Citadel PX, which was purpose built to enable a tester to get more done with less effort and travel.

Citadel PX is a Web-based product designed to remotely manage testing sensors. When we asked about the sensors, we learned there were hardware and virtual versions available, built on Ubuntu Server 12.04 and jam packed with pentesting tools.

The sensors support tools natively such as Nessus 5.03 server, Metasploit Pro, Cobalt Strike, SET, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & many more. Pwnie even enables virtual guest machines with the hardware solution, including Backtrack, Qualys, Acunetix, nCircle, and other solutions. The sensors are also hardened per NSA, NIST, DoD, and DISA guidelines, including encrypted volumes for pentest results.

As a pen tester using Citadel PX, you can use the built-in automation, define your own custom automation, or even utilize an on-demand reverse shell capability to get an interactive shell on the device. The system acts somewhat like a simple bot net, polling to the Citadel PX console every 10 seconds for instruction.

When Jonathan Cran, CTO at Pwnie Express, gave me a walk-through of Citadel PX, I saw a slick Rails-based interface with hearty documentation. Some of the cool features that stood out are the ability to grab WiFi results from the integrated hardware, ability to run commands from the remote user interface as tasks for automation, and you can write your own plug-ins using Ruby.

Now breaking into the software and services market, Jonathan Cran commented directly to pen testers that the Citadel PX "bridged testers to remote networks and enabled them to go further, faster, than ever before."

If you're using a service such as Citadel PX, it may prompt security concerns for your customers. Jonathan addressed this, saying, "Citadel PX maintains a secure lightweight connection via SSL, and if necessary, a persistent Reverse SSH shell." He added that "it can support traditional VPN connections as well." Citadel PX can also tunnel through application-aware firewalls and Intrusion Prevention Systems.

Why is this important to you? First, a reduction in travel is clearly a cost benefit to you and your customers while improving your quality of life. Second, the ability to perform increased remote automated assessments in a work week with established customers means you are more attractive from a cost perspective than your competitors.

Citadel PX provides you with an easy user interface to get connected back into your customer's environment. Having the ability to remotely sniff your customer's network is another benefit which evolves the capabilities of the pen tester, enabling them to better understand traffic patterns on the network, and even to perform incident response.

Jonathan explained that during beta testing in a customer's network, the sensors actually detected malware and reported it back to the Citadel PX console. Analyzing attack patterns from that same console enabled Pwnie Express to assist with understanding the attack and which devices were compromised.

Citadel PX is available for purchase here

No security, no privacy. Know security, know privacy.

David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0972
Published: 2014-08-01
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write ...

CVE-2014-2627
Published: 2014-08-01
Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

CVE-2014-3009
Published: 2014-08-01
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct ph...

CVE-2014-3302
Published: 2014-08-01
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3534
Published: 2014-08-01
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a c...

Best of the Web
Dark Reading Radio