This video demonstrates using nmap on the Pwn Pad, both with the one-touch functionality and from the command line. The video covers the various adapters that can be used with the Pwn Pad and how to choose which one you are using: the TP-Link adapter, the TRENDnet USB Ethernet adapter, the onboard Nexus adapter, or EvilAP. Nmap will determine the adapter's IP address and scan the class C network it belongs to, and you can then run a common service scan or use nmap's other functionalities.
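The same "find my address, sweep the class C, then service-scan what answered" workflow written as a plain shell script. This is an added example, not the Pwn Pad's one-touch script; the interface name `wlan0` and the sample greppable nmap output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Pwnie Express video): the Pwn Pad nmap
# workflow as shell functions. Interface names are assumptions.

# Derive the /24 ("class C") network from a dotted-quad IPv4 address.
class_c_of() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 { printf "%s.%s.%s.0/24\n", $1, $2, $3 }'
}

# Print the first IPv4 address bound to an interface (e.g. wlan0, eth0).
iface_ip() {
    ip -4 -o addr show dev "$1" 2>/dev/null | awk '{ split($4, a, "/"); print a[1]; exit }'
}

# Extract hosts marked "Up" from nmap greppable output (nmap -sn -oG -).
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Constructed sample of greppable ping-sweep output, used for an offline check.
SAMPLE_GNMAP='# Nmap 6.46 scan initiated (constructed sample)
Host: 192.168.1.1 ()	Status: Up
Host: 192.168.1.7 ()	Status: Down
Host: 192.168.1.20 ()	Status: Up'

demo_live_hosts() {
    printf '%s\n' "$SAMPLE_GNMAP" | live_hosts
}

# Full workflow: ping-sweep the local /24 on the chosen adapter, then run a
# service/version scan (-sV) only against the hosts that answered.
# usage: scan_local_net wlan0
scan_local_net() {
    iface="${1:-wlan0}"   # assumption: the Wi-Fi adapter appears as wlan0
    addr="$(iface_ip "$iface")"
    [ -n "$addr" ] || { echo "no IPv4 address on $iface" >&2; return 1; }
    net="$(class_c_of "$addr")"
    echo "Sweeping $net via $iface"
    hosts="$(nmap -sn -oG - "$net" | live_hosts)"
    [ -n "$hosts" ] || { echo "no live hosts on $net"; return 0; }
    # shellcheck disable=SC2086  # word-splitting the host list is intended
    nmap -sV $hosts
}
```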
Hundreds of pages could be written about the security state of the Internet of Things (IoT); the tricky thing about embedded devices is that security often seems to be an afterthought. The recent Black Hat conference in Las Vegas touched on IoT security and DEF CON broached the subject as well. In addition to the potential for harm caused by a breach of the device — a malfunctioning security alarm or smoke detector — these devices collect data in order to function, much of it sensitive. According to an HP Research Study on the IoT, 90% of these devices collect at least one piece of personal information. Though necessary for some of the useful abilities of these products, the aggregate data, if stored or found improperly, can be devastating. And with potentially billions of these devices in the near future, securing them is no trivial matter.
Unfortunately, many IoT companies are not paying enough attention to security — at DEF CON, a talk called “Hack All the Things” went over 20 devices, some IoT, that had recently been hacked by the group. With an explosion of IoT security services and even an initiative to help smaller IoT companies with security, the world is starting to wake up to the severity of this issue. But the best security starts from the beginning, with the design of the product. Nest and its founder Tony Fadell understand this and have been very careful about security concerns when designing Nest products. Though he doesn’t even want to call Nest an IoT product, he appreciates the integral nature of security to his project. Ironically enough, Nest’s parent company Google itself has had serious security issues with its own devices, but Nest has not — for the most part — fallen into this trap.
Nest’s security is, for the most part, quite impressive. (Un)fortunately, researchers from the University of Florida took to one of the biggest stages at Black Hat to expose a way to compromise the Nest using a hardware feature – namely, a USB port that, combined with reset, allows you to put the device in developer mode. The USB port can only be used if the adversary forces the Nest into a global reset by holding down the power button for ten seconds. With some pretty priceless 2001: A Space Odyssey references and computer generated graphics, the hour-long talk got the point across — by no means is the Nest thermostat unexploitable. The Nest thermostat still cannot be taken advantage of remotely without access, at some point in the process, to the physical device. But physical vulnerabilities should not be a surprise: the recent HP report on the IoT even recommended that companies should be “reviewing the need of physical ports such as USB,” the exact weakness in Nest’s system. With access to the Nest device, an adversary could control other Nest thermostats in the network, collect valuable data on the victim (knowing when a person isn’t home can be surprisingly useful for robberies), and manipulate the various devices the Nest controls.
Though the team has not yet found a way that the Nest can be exploited remotely, even a physical exploit could prove to be seriously problematic. Zeljka Zorz of HNS points out that “good social engineering can convince you to allow strangers into your house” and allow an adversary to bring the Nest under his control. Additionally, the researchers expressed their worry that clever criminals could resell hacked Nests on eBay or Amazon, getting them into homes that way.
The Nest is not the only major technology with a USB Achilles’ heel: Caroline Hall of FierceMobile IT recently reported an iPhone vulnerability using the USB port: unsigned code could be pushed onto the device over USB. A number of years ago, Wall of Sheep even installed a USB charging station at DEF CON, showing that though for years we’ve known that USB connectivity can be a major security flaw, the general public is simply not educated enough on the potential dangers of USB ports... or they simply don’t care.
However, security issues like this do not spell the end of IoT devices, nor of Nest. When the researchers asked how many in the audience had Nest devices, about half raised their hands. When they then asked how many would give up the product even with the potential hack, none (from my vantage point) suggested that they would. It was even spun as a potential upside – the ability to jailbreak a device that collects vast amounts of personal information and automatically sends it to Nest could potentially let advanced users disable that reporting and minimize privacy concerns.
Pwnie Express’ latest penetration testing offerings step up the power
– By Sean Gallagher –
At Black Hat and Def Con earlier this month, the penetration testing tool makers at Pwnie Express unveiled two new products aimed at extending the company’s reach into the world of continuous enterprise security auditing. One, the Pwn Pro, is essentially a souped-up version of Pwnie Express’ Pwn Plug line of devices; the other, Pwn Pulse, is a cloud-based software-as-a-service product that provides central control of a fleet of Pwn Pro “sensors.” Combined, the two are a whitehat’s personal NSA—intended to discover potential security problems introduced into enterprise networks before someone with malevolent intent does.
While Ars was given a brief look at the new products in Las Vegas, we’ll be conducting a more intensive, full review of Pwn Pro and Pwn Pulse in the near future. Rest assured that our review will be heavily informed by our experience with the Pwn Plug 2. But despite our somewhat brief experience with the new products, it’s not a stretch to say that they are a significant upgrade to Pwnie’s previous capabilities.
Congratulations to Eric Meyers of Corning, Inc. and Joe Burgos of Molina Healthcare, the winners of our Pwn Phone drawings at Black Hat and DEF CON! The Pwn Phone 2014 is a high-speed, lightweight LG Nexus 5 smart phone that is the ideal choice for on-the-road pentesting and onsite assessments. The Pwn Phone 2014 can evaluate wired, wireless, and Bluetooth networks and has over 100 open source pentesting tools.
Hackers continue to go after the easiest target — the branch or remote office, be it a gas station, retail store, bank branch, local health clinic or the like.
Armed with the knowledge that organizations are increasingly distributed and most organizations’ budgets are allocated to headquarters, a branch or remote office often provides an easy access point for attackers.
Is it the advanced persistent threat or is it that unknown rogue access point? As you’ll hear from Porcello, your organization may have unbelievable security 99 percent of the time but it’s that one computer, or air conditioning duct, that often opens the door.
Increasingly, those with evil intentions are targeting personal computers over wireless networks, either by passively monitoring the traffic or by setting up a duplicate network for a “man-in-the-middle” attack. Though people should probably know better by now, Gene Bransfield’s presentation at this year’s DEF CON, “War Kitteh”, demonstrated just how prevalent weak or unencrypted Wi-Fi networks still are in 2014, and how nobody wants to talk about it... unless cats are involved.
War Kitteh is the adorable spin on “WarDriving”, the mapping out of all Wi-Fi networks in a certain geographical area. A previous iteration of “WarDriving with a spin” is Warbiking, taking WarDriving to a more eco-friendly space. By staying mobile — usually in a car — the WarDriver extends his or her coverage area and is more likely to come across an insecure wireless network.
Gene Bransfield of Tenacity Solutions kept the basic components of WarDriving: Wi-Fi monitor, GPS, and a “vehicle”. However, Bransfield’s use of cats demonstrated that the InfoSec community, though vibrant and internally communicative, had failed to demonstrate the importance of security to the general public. To remedy this, he decided to use the lovable and meme-worthy medium of cats for his demonstration. Hence, “War Kitteh”. The cat wandered the streets with an off-the-shelf GPS-enabled collar enhanced by a Spark Core, mapping the Wi-Fi networks it passed by. Specifically, Bransfield was searching for unprotected or weakly protected Wi-Fi networks. The test proved that the required technologies can easily be toted by pets, as the device is small and light enough to be completely wearable by the average housecat without overburdening it. In addition, Bransfield created “Denial of Service Dog”. Instead of man’s best friend, DoS Dog is a TV’s worst nightmare. Attached to a harness on the dog was a modified TV-B-Gone, allowing the wandering pet to automatically turn off TVs within its range. Though not practically useful (outside of some good, annoying fun), the dog certainly adds to the category of “weaponized pets”.
Why is this talk being so widely shared (and talked about)? Yes, because of the cats... but also, in Bransfield’s words, because there are a “lot more open and WEP-encrypted hot spots out there than there should be in 2014.” Of the 23 wireless networks he found, about one third of them were weakly (or not!) encrypted. With a huge amount of personal data and payment information transmitted over wireless connections, the lack of basic security — and testing for basic security — can have serious implications. And what can conference attendees learn? The Internet loves cats, so maybe incorporate one into your next highly technical, very important presentation.
The Pwnies have come back East after an intense — and amazing — week in Sin City. Seeing the community out in full force is a rare and beautiful thing, and Black Hat and DEF CON are the greatest time to do so. Though a little healthy paranoia goes far in this industry, Pwnie Express is always happy to be in the thick of it!
Black Hat kicked off with a single keynote: Dan Geer of In-Q-Tel spoke about “Cybersecurity as Realpolitik,” an assessment of the future of cybersecurity within the framework of political realism. A recording of the talk as well as the full transcript is available online. Geer spoke about how the explosion of technology means that we no longer have people who fully understand the general state of security while being able to properly harness all of the tools the industry uses. He also reminded the audience that “all cyber security technology is dual use,” something that most people find disturbing, though to InfoSec professionals this is common knowledge.
Continuing the rich con tradition of potentially controversial talks being cancelled at the last minute, two Carnegie Mellon researchers saw their Tor talk called off. According to Reuters, Tor is working with CERT to “coordinate the disclosure of details on the researchers’ attack on the network;” the Washington Post reported that the disclosure could happen “possibly as soon as this week.”
DEF CON was enjoying its last year at the Rio with some big names, as well. A record number of attendees were present when John McAfee swung by to decry smart phones (“the most promising privacy thing is stupid phones”) and Phil Zimmermann compared surveillance to slavery, saying that the industry is responsible to provide the products to protect privacy. Movie Night with Dark Tangent was the hacker-centered sci-fi film “The Signal”, professors analyzed the economics of stolen data, and multiple talks discussed the rise of bug bounties. As usual, the Wall of Sheep exposed those foolish enough to connect to Wi-Fi, and there was a series of technical talks and demonstrations on everything from cryptography to DDoS defense. And the badges? Wired just ran a full feature on the masterpieces and their creator.
The cons were amazing, and we’ll be posting more detailed discussions of some of the talks in the coming days.
Google Glass can steal your passwords, ransomware gets easy, CryptoLocker hack, Snowden data changed terrorist behavior, your car can be hacked, Pwnie Express spy-in-a-box interview with CEO Paul Paget and Founder Dave Porcello, and more.
By Fahmida Y. Rashid
Pwn Pulse Combines “Hack-in-a-box” Sensors with Central Management for Remote Location Intelligence. Pwnie Express, the experts behind the network security testing platforms that power the Pwn Pad, Pwn Plug, and Pwn Phone, have launched a software-as-a-service (SaaS) version. Called Pwn Pulse, the platform allows network security professionals to deploy sensors and collect real-time information about the state of wired and wireless networks. Pwn Pulse allows real-time asset discovery for both wired and wireless assets, provides continuous vulnerability scanning, supplies penetration testing tools, and offers risk-trending and alerting capabilities, the Boston-based company said.