The Power Strip That Lets You Snoop On An Entire Network

By Adrian Kingsley-Hughes

Have you checked all the power strips in your home or office to make sure they’re not spying on you?

Pwnie Express have an upcoming product called the Power Pwn that could sit unnoticed in a home or work environment and yet be spying on an entire network.

The Power Pwn is described as “a fully-integrated enterprise-class penetration testing platform” that has an “ingenious form-factor” — which, I think is a euphemism for “easily hidden” — and as a “highly-integrated/modular hardware design”.

The Power Pwn is marketed as a penetration testing tool and is fully-loaded with hardware and software to allow it to hack into a number of different networks. The device features:

  • Onboard high-gain 802.11b/g/n wireless
  • Onboard high-gain Bluetooth (up to 1000′)
  • Onboard dual-Ethernet
  • Fully functional 120/240v AC outlets!
  • Includes 16GB internal disk storage
  • Includes external 3G/GSM adapter
  • Includes all release 1.1 features
  • Fully-automated NAC/802.1x/RADIUS bypass!
  • Out-of-band SSH access over 3G/GSM cell networks!
  • Text-to-Bash: text in bash commands via SMS!
  • Simple web-based administration with “Plug UI”
  • One-click Evil AP, stealth mode, & passive recon
  • Maintains persistent, covert, encrypted SSH access to your target network
  • Tunnels through application-aware firewalls & IPS
  • Supports HTTP proxies, SSH-VPN, & OpenVPN
  • Sends email/SMS alerts when SSH tunnels are activated
  • Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more!
  • Unpingable and no listening ports in stealth mode

The Power Pwn also features an unlocked 3G/GSM adapter that’s compatible with GSM carriers in over 160 countries.

A hacker can communicate with the Power Pwn either over the web or via SMS text messaging, and it can be used to launch remote attacks against Wi-Fi, Bluetooth, and Ethernet networks.

The Power Pwn is an amazing bit of kit, but it comes with a hefty price tag — you can pre-order it now for a whopping $1,295. That might seem expensive, but for your dollar you do get a fully comprehensive, virtually undetectable hack tool.

This is a very evil piece of kit.

Thanks to everyone who sent this link to me.

(Original Article)

Darpa Funds Hack Machine You’d Never Notice

By Robert McMillan

If you saw this bad boy under your desk, would you say anything?

It may look like a surge protector, but it’s really a remote access machine that corporations can use to test security and log into branch offices. Called the Power Pwn, it’s a stealthier version of the little box that can hack your network we wrote about last March.

Hidden inside are Bluetooth and Wi-Fi adapters, along with a number of hacking and remote access tools that let security experts prod and poke the network, and even call home to be remotely controlled via the cellular network.

There’s a “text-to-bash” feature that lets you send commands to the device using SMS messages. Some customers conducting penetration tests of corporate security have been using Apple’s Siri voice-recognition software to send these messages, says Dave Porcello, the CEO of Pwnie Express, the company that makes the Power Pwn. “Basically, they are able to speak pen-testing commands into their phone.”

It’s a device “you can just plug in and do a full-scale penetration test from start to finish,” Porcello says. “The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now.”

Companies can buy the $1,295 Power Pwn and mail it out to branch offices to do quick security tests of their remote networks, Porcello says. About 90 percent of Pwnie Express’ customers work for corporations or the federal government.

The device, like its Pwn Plug predecessor, comes with easy-to-use scripts that cause it to boot up and then phone home for instructions. “It’s pretty sturdy. You can send it through U.S. mail and you can send it through FedEx and the setup is easy,” says Jason Malley, who works in alarm-system maker Tyco’s security and compliance group. “This tool really cuts down on time and expenses.”

Malley wasn’t allowed to talk about what Tyco is doing with the devices — he’s been using them for more than a year — but he says that they go over really well when he pulls them out in informal “lunch and learn” demonstration sessions. “It’s actually a really great security awareness tool,” he says, “because we can talk about things in theory. When you pull the thing out and say it’s not theory, it definitely helps and you notice things.”

This Power Pwn was developed with money from a new Darpa (Defense Advanced Research Projects Agency) program called Cyber Fast Track, which is trying to jumpstart a new generation of cyber-defense tools. “It’s kind of taking the tools that the hackers are using and putting them in the hands of the people that need to defend against the hackers,” Porcello says.

(Original Article)

Pwnie Express Unveils Two New Products at Black Hat USA and Defcon 20

Pwnie Express unveils new cybersecurity pentesting hardware products

Barre, VT – July 29, 2012

Pwnie Express, a Vermont cybersecurity startup, and creator of the Pwn Plug, the first-to-market penetration testing drop box, will unveil two new pentesting products at Black Hat USA 2012 and Defcon 20. Black Hat is being from July 21-26 at the Caesars Palace, Las Vegas. DefCon 20 will be from July 26-29 at the Rio Hotel in Las Vegas.

Pwnie Express is unveiling the Power Pwn and the Pwn Plug Mini at the conferences. The Power Pwn is a dual-ethernet Pwn Plug with on-board wireless (wifi) and Bluetooth, in the form of a desktop surge protector. The Pwn Plug Mini is half the size of the original Pwn Plug with nearly all of the same features.

Pwnie Express specializes in innovative, rapid deployment penetration testing products for security professionals. “The portable form factor of the Pwn Plug lends to its cost effectiveness and enables quick deployment. This limits time and travel required for penetration testing and scales well to provide coverage across multiple remote locations,” according to Mark Hughes, Customer Development Director. “The remote wifi and Bluetooth testing capabilities provide Pwnie Express considerable delineation from the existing market. The remote wireless penetration testing capabilities of these products enables our clients to converge logical and physical vulnerability.”

This form factor, when combined with support for persistent covert channels (including wifi and 3G) make this product ideal for physical penetration testing.
Pwnie Express’ products have been incorporated into the cyber-security toolboxes of over one hundred security service providers, several Fortune 50 companies and various federal agencies. They have recently been featured in Wired.com, The information Systems Security Association (ISSA) Journal, Wired, Ars Technica, PC Magazine, and Slashdot. The Pwn Plug has been named as the Editors Choice in PC Magazine and Pwnie Express has been named by Network World as one of the 7 hottest companies to watch.

Founder and CEO, Dave Porcello said, “Our products provide significant time and cost savings for internal, remote pentesting and address the scalability challenges organizations have in providing consistent pentesting across multiple organizations.”

Black Hat provides briefings and training to leading corporations and government agencies around the world. Black Hat Briefings and Trainings are held annually in Abu Dhabi, Europe, and Las Vegas. Black Hat is produced by UBM TechWeb. More information is available at http://www.blackhat.com.

For more information on Pwnie Express, visit www.http://pwnieexpress.com.

[Press Release]