Welcoming Our New Partner, INSEC Security

Rapidly Growing Demand for Anywhere, On-demand Penetration Testing and Vulnerability Assessment Driving Expansion
April 29, 2014

Pwnie Express, the only company to assess wired and wireless network security in remote locations on demand, today announced its partnership with INSEC Security, a leading South Korean cyber security solutions provider specializing in vulnerability assessments, ethical hacking, penetration testing, and forensics.

A professional IT Solutions company, Seoul-headquartered INSEC works with private and government organizations across South Korea. Pwnie Express solutions add unparalleled network visibility and penetration testing to INSEC’s broad base of security offerings, enabling its customers to see all the things across their distributed networks.

“We are tremendously pleased to announce our partnership with INSEC Security in Korea,” said Stephen Pace, Executive Vice President of Sales and Services for Pwnie Express. “The interest in and demand for cost effective, easy to deploy and use penetration testing and security assessment solutions has never been stronger and we’ll now be able to meet the growing demand we are experiencing in the Asia Pacific region.”

Pwnie Express’s network security assessment products are rapidly deployable and provide enterprises access to, and intelligence in hard to reach locations. At their core are open source tools integrated on a smart platform available in a variety of form factors, which deliver unprecedented actionable insight.

“Pwnie Express allows us to meet a critical need we are experiencing with our clients who require real-time insight in to their distributed networks,” said Edward Kim, CEO of INSEC Security. “Our partnership with Pwnie Express enables us to provide them with an unparalleled range of smart, high-performance penetration testing and vulnerability assessment solutions for both wired and wireless networks. This ability to see all the things enables us to offer a broader solution than anything currently available on the market, let alone the region.”

About Pwnie Express
Pwnie Express is the leading provider of innovative sensors that assess network security risks in remote and hard to reach locations. Thousands of enterprises and government organizations worldwide rely on Pwnie Express’s products to conduct drop-box penetration testing and provide unprecedented insight into their distributed network infrastructure. Pwnie Express’s smart devices allow organizations to see all the things while leveraging open source tools and platforms. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. The company is headquartered in Boston, Massachusetts. For more information contact http://store.pwnieexpress.com

For more information on INSEC Security contact:
STX-V Tower 5F 505 ho
Gasan-dong 371-37 Geumcheon-gu
Seoul, 153-803, South Korea
Phone: + 82-2-863-5687
Email: insec(at)insec(dot)co(dot)kr
Web: http://www.insec.co.kr

[Press Release]

EvilAP: A Practical Example

Like most transformational technologies, WiFi has both a positive and negative side. The ease of use offered to the user by a modern WiFi device is matched only by the ease in which it can be exploited by an attacker. With the proliferation of mobile computing, its never been more important to make sure client devices are connecting only to approved networks; but unfortunately, its also never been easier for attackers to make sure that doesn’t happen.

One technique which can be used to lure unsuspecting WiFi users is known as an EvilAP. This is a collection of software and appropriate hardware which allows for the creation of a rogue access point that is indistinguishable from a legitimate WiFi network to the casual observer.

Once a client has connected to such a network (often without the user’s knowledge), the attacker has full control of all information going into and out of the device, and can deploy various tools to modify or monitor the victim’s communication. From the perspective of the victim, their usage of the Internet will be unhindered, and it’s unlikely they’ll ever suspect they’ve been compromised.

Setting up a rogue access point and running the appropriate tools to capture a victim’s credentials is trivially easy with modern software and penetration testing products. Using the Pwnie Express Pwn Pad tablet, a rogue access point and associated network monitoring tools can deployed in literally seconds while remaining mobile during the entirety of the operation.

EvilAP Setup

To start, simply connect up the included external WiFi adapter and tap the “EvilAP” icon under the “Wireless Tools” folder on the Pwn Pad main screen. This will bring up a dialog asking which interface you’re currently using the connect to the Internet. Here you’ll have the option of using a cellular connection, the Pwn Pad’s internal WiFi, or even a USB connected Ethernet device.

 

Once you’ve selected your source interface, you’ll then be asked what you want to call this rogue AP. You can hit the Enter key to go with the default “Public_Wireless”, or enter your own SSID. Next, you can enter what channel you want to run the AP on. The default (Channel 1) should be fine here, as there’s generally not as much traffic on the lower channels.

 

At this point you need to decide if you want to run in the so-called aggressive or static mode. Aggressive mode will net you more results, but it can be overwhelming in high traffic areas, as you’ll get connections from all devices rather than just those with the matching SSID.

Finally, you’ll be asked which beacon rate you want to use. Try the default of 30 to start with, but this value can be adjusted up or down a bit if you find you’re having trouble keeping clients connected.

Activating Attacks

The hard part’s over, now it’s time to layer attacks on top of our fake access point and start collecting data.

From the “Attack Tools” folder on the home screen, tap the “SSL Strip” icon, and choose which interface you want to sniff on (for each tool, you’ll want to select the EvilAP interface, at0).

EvilAP screenshot 6

Head back to the Pwn Pad’s main screen and open up the “Network Tools” folder, where you’ll find the next two tools, “Strings Watch” and “Dsniff”. For both tools, select the at0 interface and confirm you want to log results.

That’s it. Now with just a swipe of your finger you can switch between terminal windows running the various tools and watch the results as they flow through the Pwn Pad in real-time. Results will also be stored in /opt/pwnix/captures/passwords/ for later analysis, so you won’t even have to watch the screen.

 

The Pwn Pad running an EvilAP in a crowded public place like a coffee shop will likely result in a log file brimming with credentials from multiple users and services in a relatively short time. Since the victim’s experience using the Internet was not significantly different than normal, there’s little chance anyone who connects to the EvilAP will ever question its legitimacy until it’s too late.

Introduction to EvilAP

With the ubiquity of WiFi devices, the ability to create a rogue access point (also known as an EvilAP) has never been more useful, or in the wrong hands, more dangerous. For a pentester, an EvilAP can be used to not only verify client devices are not automatically connecting to unauthorized access points, but to also test if the legitimate access points on the network can be spoofed without the users noticing.

Using EvilAP is fairly straightforward, but there are a few details and caveats you should be aware of for a successful deployment.

EvilAP Operating Modes

The EvilAP function can operate in two different modes: aggressive or static. The different modes have their own strengths and weaknesses, and selecting which one is appropriate for your task is important for best results.

Aggressive Mode

In aggressive mode, EvilAP will listen for and answer any WiFi probe requests it receives. This allows EvilAP to spoof the SSID of whatever open networks the device has connected to previously. So if a user has his smartphone configured to automatically connect to his open home WiFi network named “linksys”, EvilAP’s aggressive mode will fool the device into thinking it’s connecting to the user’s home network.

The principle advantage of aggressive mode is that WiFi devices will automatically connect to the EvilAP without any user intervention, which makes it an excellent choice for performing spot checks in the test environment to find if any client devices have been incorrectly configured to connect to open networks within range.

To enable aggressive mode, select 1 when asked if you’d like to force clients to connect based on their probe requests.

EvilAP screenshot 1

Additionally, you’ll be given the opportunity to specify a beacon rate to use when sending probe requests. The default is 30 milliseconds, but it can be adjusted between 20 and 70 milliseconds if you’re finding that devices are not reliably making and maintaining a connection to the EvilAP.

Note: Aggressive mode can become unstable when operating in areas of high WiFi traffic. Keep an eye out for error messages, and try adjusting the beacon rate to see if performance improves.

Static Mode

In static mode, EvilAP will advertise itself as a specific (user supplied) SSID and wait for devices to connect. This mode is useful when targeting a specific access point, and has the advantage of greater stability than aggressive mode.

Naturally, the SSID must be a known ahead of time for static mode to operate. Accordingly, static mode is primarily useful when attempting to spoof a known access point during a pentest. It’s worth noting that valid SSIDs for use in static mode can first be found using EvilAP in aggressive mode.

Due to the more stable nature of static mode, it is the prefered mode to use when additional exploits are going to be run on top of the EvilAP.

Enabling static mode is simple, just give EvilAP an SSID to use, and it will handle the rest.

 

Internet Access

For a truly effective EvilAP deployment, Internet access is required so that it can be passed on to any victims which end up connecting to it. Aside from alerting the user to a problem, a lack of Internet access means the client won’t be able to communicate with any outside services, thus giving no opportunity to exploit it.

When using the Pwn Pad, you’ll have the option of using either the device’s 4G cellular modem, the internal WiFi, or an external Ethernet device.

Note: The internal WiFi radio (wlan0) will take routing preference over any other interface. Be sure that the Pwn Pad’s WiFi is not connected to any existing networks before attempting to use the other interfaces as a source of Internet connectivity.

 

Layered Attacks

With an EvilAP up and victims connecting to it without even realizing, you now have the perfect platform from which to launch a myriad of other attacks and exploits. Since all of the user’s Internet traffic will be passing through your EvilAP, it’s possible to collect user credentials, falsify web pages, or simply monitor the victim’s every move online.

Pwnie Express Expands Management Team; Appoints Seasoned Executive as Vice President of Marketing

Peter Velikin to Drive Worldwide Marketing Strategy, Brand Awareness and Market Expansion

April 09, 2014

Pwnie Express, the only company to assess wired and wireless network security in remote locations on demand, today announced the appointment of accomplished executive Peter Velikin as Vice President of Marketing.

Peter is responsible for Pwnie Express’s global marketing organization and will drive marketing strategy, demand generation, increase brand awareness, and continue the company’s market expansion.

Peter is a seasoned marketing executive with more than 15 years of experience commercializing new products in multiple startups.

Recently, Peter was VP marketing at VeloBit, Inc. a leading provider of enterprise storage I/O optimization software, where he managed all aspects of marketing and business development from the company’s inception through its acquisition by Western Digital Corporation.

He also served as VP marketing at Zmags, a SaaS-based digital content platform for e-commerce and mobile devices. Peter held senior management roles in sales, marketing, business development, product management, and engineering at several high-technology companies, including EMC and PTC. Peter also co-founded Velex Corporation, which invented and commercialized the award-winning Gorilla-Gym®. Peter has an MBA from Harvard Business School and a MS in Electrical Engineering from Boston University.

“I am excited for someone of Peter’s caliber to join our leadership team as we continue to expand our products and offer new services,” said Paul Paget, Pwnie Express CEO. “Pwnie Express will benefit from Peter’s extensive marketing experience and strategy to drive global brand awareness, and subsequent market expansion for our industry leading solutions. He will be a tremendous asset to the team.”

Pwnie Express’s network security assessment products are rapidly deployable and provide enterprises access to, and intelligence in hard to reach locations, which are providing today’s high-risk attack paths. At their core are open source tools integrated on a smart platform available in a variety of form factors, which deliver unprecedented actionable insight.

“Pwnie Express is a company with the right product line at the right time and I am excited to lead their marketing team,” said Peter. “As the only vendor to allow enterprises to see all the things, we are uniquely positioned to disrupt and expand the network vulnerability assessment and penetration testing industries. I look forward to building our brand recognition and market presence worldwide, as well as working with the world-class Pwnie Express team.”

For more information on Pwnie Express join our upcoming webinar: Penetration Testing Tales from the Trenches to be held on April 16th at 2 PM EDT. Register now.

About Pwnie Express
Pwnie Express is the leading provider of innovative sensors that assess network security risks in remote and hard to reach locations. Thousands of enterprises and government organizations worldwide rely on Pwnie Express’s products to conduct drop-box penetration testing and provide unprecedented insight into their distributed network infrastructure. Pwnie Express’s smart devices all organizations to see all the things while leveraging open source tools and platforms. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. The company is headquartered in Boston, Massachusetts.

[Press Release]

Penetration Testing Tales from the Trenches – Part 1 [webinar]

We’re pleased to announce that we’re going to be delivering the first webinar in this two-part series with Paul Asadoorian at Security Weekly.

Wed, Apr 16, 2014 2:00 PM – 3:00 PM EDT

In this webcast you’ll hear penetration testers’ stories from the trenches. You’ll learn how social engineering, web application testing, brute force password guessing and other tactics come together for fascinating stories, detailing how networks are breached. Included with each war story is a short how-to guide, as well as a list of defensive recommendations. So tune in, pull up a chair with your favorite beverage and get ready for story time with Security Weekly!

Registration for this webinar is closed. Click here to access the slide deck and webcast archive.

Pwnie Express Partners with IT Governance, Extends Reach in the United Kingdom

Sales Momentum Drives Continued Partner Growth and Geographic Expansion 
April 01, 2014

Pwnie Express, the only company to assess wired and wireless network security in remote locations on demand, today announced its partnership with UK-based IT Governance Ltd, a leading cyber security solutions provider.

IT Governance, a UK CREST-approved penetration testing company, services a wide array of organizations across industries including finance, retail, manufacturing, government and healthcare. Pwnie Express solutions add unparalleled network visibility and penetration testing to IT Governance’s broad security offerings, enabling its customers to see all the things across their distributed networks.

“With an increase in cyber security attacks in remote and branch offices, our customers are demanding greater visibility into all their networks. We believe that Pwnie Express’s innovative approach to helping enterprises assess vulnerabilities anywhere, on demand, in both wired and wireless networks, provides our customers with critical intelligence they didn’t have before,” said Jamie Titchener, Commercial Manager of IT Governance. “The Pwnie Express solutions are a welcome and necessary addition to our product portfolio.”

Pwnie Express’s network security assessment products are rapidly deployable and provide enterprises access to, and intelligence in hard to reach locations. At their core are open source tools integrated on a smart platform available in a variety of form factors, which deliver unprecedented actionable insight.

“The ability to see all the things in their networks is a major priority for enterprises around the world. To build on the momentum we are experiencing and ensure the right support resources are available locally, Pwnie Express is forging relationships with regional partners that can offer the expertise, support and commitment our customers need,” said Stephen Pace, Executive Vice President of Sales and Services for Pwnie Express. “As a leading network security provider with deep expertise in vulnerability assessment and penetration testing, IT Governance is the ideal partner to help us extend the adoption of our innovative products within the UK IT market.”

Pwnie Express’s next generation product for conducting commercial grade penetration testing, the Pwn Pad 2014, is now available to an international customer-base through IT Governance’s e-commerce website:http://www.itgovernance.co.uk/shop/p-1555.aspx.

About Pwnie Express
Pwnie Express is the leading provider of innovative sensors that assess network security risks in remote and hard to reach locations. Thousands of enterprises and government organizations worldwide rely on Pwnie Express’s products to conduct drop-box penetration testing and provide unprecedented insight into their distributed network infrastructure. Pwnie Express’s smart devices allow organizations to see all the things while leveraging open source tools and platforms. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. The company is headquartered in Boston, Massachusetts. For more information contact http://store.pwnieexpress.com

About IT Governance
IT Governance Ltd is the single-source provider for books, tools, training and consultancy for IT governance, risk management and compliance. The company is a leading authority on cyber security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. The company’s customer base spans Europe, the Americas, the Middle East, South Africa and Asia. More information is available at: http://www.itgovernance.co.uk.

[Press Release]