Pwnie Express Releases Next Generation Penetration Testing Device: The Pwn Plug R3

September 3, 2014

Pwnie Express today announced the release of the latest version of its cutting edge Pwn Plug, the R3, an inconspicuous pentesting device whose drop box form factor provides unprecedented ease of use at remote locations at a fraction of the cost of traditional penetration testing solutions.

Pwnie Express is the only company to assess wired and wireless network security anywhere, on demand. Its Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor. With onboard 802.11a/b/g/n wireless, external high-gain Bluetooth, 4G/GSM cellular, ruggedized case design, and greatly improved performance and reliability over its much-lauded R2 predecessor, the Pwn Plug R3 is the enterprise penetration tester’s dream tool.

This easy-to-deploy sensor can be remotely controlled over a covert Internet channel or a cellular data connection. Preconfigured, once plugged in and turned on, the Pwn Plug R3 will look to find a way to establish a persistent SSH connection between the device and its operator’s server—including a GSM-based 4G cellular data connection.

The R3 rounds out the Pwnie Express line of comprehensive vulnerability assessment and penetration testing solutions. The solutions include Pwn Pad 2014 and Pwn Phone, mobile form factors for the on-the-go tester, Pwn Plug R3 and its more powerful medium to large enterprise Pwn Pro counterpart, drop-box sensors used for remote testing, and Pwn Pulse software as a service (SaaS) solution for those organizations with multiple hard-to-reach distributed sites that require continuous monitoring and assessment.

“Our customers are constantly looking for ways to keep cost down and quality high. With the products at Pwnie Express we can cut travel costs to zero and still provide outstanding internal assessments. They have changed our business model and hopefully the whole business model for pentesters everywhere for the better,” said John Strand, senior security analyst/principal of Black Hills Information Security.

Product benefits:
o    Provides a cost-effective lightweight, non-intrusive and easy-to-deploy solution for remote locations
o    Preconfigured, doesn’t require onsite management
o    Extends on demand penetration beyond the headquarters to remote sites
o    Allows for easy anywhere drop box deployment
o    Increases frequency and scope of remote site assessments
o    Expands awareness of wired, wireless, BYOD and rogue devices across all sites
o    Addresses PCI DSS and HIPAA compliance requirements at remote sites
o    Greatly reduces travel and operational overhead required to do security testing

Core features include:
o    Onboard dual-band 802.11a/b/g/n wireless supporting packet injection & monitor mode
o    Onboard Bluetooth supporting device scanning & monitor mode
o    External 6-band (worldwide) 4G/GSM cellular USB adapter
o    Intel-based hardware delivers professional-grade performance & reliability
o    Onboard 802.11a/b/g/n wireless supporting packet injection & monitor mode
o    Onboard Bluetooth supporting device scanning & monitor mode
o    External unlocked 4G/GSM cellular adapter (SIM not included)
o    Runs Pwnix, a custom Debian distro based on Kali Linux
o    Over 100 OSS-based pentesting tools including Metasploit, SET, Kismet,
o    Aircrack-NG, SSLstrip, Nmap, Hydra, W3af, Scapy, Ettercap,
o    Bluetooth/VoIP/IPv6tools, and more
o    Simple web-based administration and in-product updates with “Pwnie UI“
o    One-click Evil AP & Passive Recon services
o    Persistent reverse-SSH access to your target network
o    6 unique covert channels for remote access through application-aware firewalls and IPS
o    Supports HTTP proxies, SSH-VPN, & OpenVPN
o    Out-of-band SSH access over 4G/GSM cell networks
o    Wired NAC/802.1x/RADIUS bypass capability
o    Unpingable and no listening ports in stealth mode
o    Local console access via HDMI

“It’s challenging for today’s globally-distributed organizations and consultants to assess the security of remote sites and branch offices. Today’s cyber criminals know this and are increasingly concentrating their efforts on these often-overlooked entry points,” said Dave Porcello, Pwnie Express CTO and Founder. “The Pwn Plug R3 helps these organizations and consultants gain deep visibility into these remote locations without physically traveling to each site, providing a cost-effective means to mitigate these attacks.”

Availability And Pricing
Pwn Plug R3 is generally available, priced at $995.

About Pwnie Express
Pwnie Express provides a simple and scalable asset discovery, vulnerability scanning, and penetration testing solutions for remote sites and all wireless spectrums. At its core are open source tools integrated on a smart platform available in a variety of form factors, which have helped thousands of enterprises worldwide get unprecedented real-time actionable insight into their distributed network infrastructure. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. The company is headquartered in Boston, Massachusetts.

[Press Release]

Winner of the Pwn Phone 2014 July Survey

nexusPwnie Express would like to announce the winner of our Pwn Phone 2014 Survey that closed at the end of July. Dan Fleischer of Illinois is the lucky winner! We look forward to hearing about how he’s liking the recently released Pwn Phone 2014. Congratulations!

Pwnie Express Announces “Pwn Pulse” SaaS Security Assessment Solution Enterprise-class Offering Combines Pwnie Express Sensors with Central Management for Remote Location Intelligence

Enterprise-class Offering Combines Pwnie Express Sensors with Central Management for Remote Location Intelligence

August 5, 2014

Pwnie Express, the only company to assess wired and wireless network security in remote locations on demand, today announced the Pwn Pulse software as a service (SaaS) solution. The enterprise-class offering uses Pwnie Express’s easy-to-deploy sensors to provide highly scalable continuous intelligence.

An end-to-end security assessment solution designed specifically for hard-to-reach distributed remote sites, Pwn Pulse delivers real-time wired and wireless asset discovery, continuous vulnerability scanning, pentesting, risk trending and alerting.

Known for its drop-box penetration testing solutions, the new SaaS solution completes the entire enterprise security assessment lifecycle. The solution delivers a robust centralized management console that:

  •  Allows for out-of-the-box deployment of sensors
  • Aggregates and correlates sensor data
  • Provides trending and analysis of data with the ability to drill down to sensor asset level
  • Pwn Pulse also easily and seamlessly integrates with existing security information and event management (SIEM) products.

Product benefits:

  • Provides a cost-effective lightweight, non-intrusive and easy-to-deploy solution for remote locations
  • Delivers the most comprehensive asset discovery to remote sites
  • Extends vulnerability management to remote sites
  • Enables subsequent on-demand penetration testing to remote sites
  • Allows for easy anywhere multi-site deployment
  • Increases frequency and scope of remote site assessment
  • Expands awareness of wired, wireless, BYOD and rogue devices across all sites
  • Addresses PCI DSS and HIPAA compliance requirements at remote sites
  • Reduces travel and operational overhead required to do security testing

“Businesses have fortified their headquarters and are now finding that they are increasingly at risk at their remote and branch offices as they remain vulnerable to attack, “ said Dave Porcello, CTO and founder of Pwnie Express “Remote locations have often been overlooked as the ideal attack entry point and the attackers know and use this. Attackers have also relied on and benefited from the difficulty organizations have experienced when trying to conduct security assessments and penetration test these remote wired and wireless environments which leaves them open to attack.

“Pwn Pulse is a game changer. It leverages the data generated by our proven sensors to provide a total end-to-end security assessment solution that integrates all of the intelligence for remote locations.”

Pwn Pulse provides consolidated asset discovery, vulnerability scanning, and pentesting in a single unified solution to deliver actionable risk information showing organizations where they are most vulnerable. This allows organizations to focus on high probability threats and threat vectors. With Pwn Pulse’s integrated intelligence, delivering continuous in-depth analysis to accurately identify attack paths, organizations can now extend their security from the headquarters across their entire organization.

“Working with large and mid-sized organizations, some of the largest challenges we see is the ability to understand what risks remote locations truly have. We continue to see a number of breaches occur at bank beaches, remote hospital locations, retail store locations, and other areas that are not directly at the “corporate” environment.,” said Dave Kennedy, Founder and Principal Security Consultant TrustedSec LLC.

“It’s challenging to get visibility into these different areas and something we simulate as attackers on a regular basis. Our easiest entry points are usually in these remote locations. It’s really great to see Pwnie Express come out with Pwn Pulse, which helps gain valuable data and information into the remote locations around what risks and exposures you may have to really start to fix a lot of the issues we see regularly. The more information an organization has, the better off they are in understanding what they can to do defend against the attacks we are seeing today.”

Pwnie Express’s network security assessment sensors are rapidly deployable and have been providing enterprises worldwide access to, and intelligence in hard to reach locations. At Pwnie Express’s core are open source tools available in a variety of form factors.

Pwn Pulse is currently in Beta testing. General availability will be in Q4. If you are interested in being part of the Beta please contact Pwnie Express at

About Pwnie Express
Pwnie Express provides an entire security assessment lifecycle solution leveraging its proven and innovative sensors that assess network security risks in remote and hard to reach locations. A SaaS solution, Pwnie allows for wired & wireless asset discovery, vulnerability scanning and on-demand penetration testing in remote and hard to reach locations. Thousands of enterprises and government organizations worldwide have been relying on Pwnie Express’s products to conduct drop-box penetration testing and provide unprecedented insight into their distributed network infrastructure. Pwnie Express’s SaaS solution based on its smart devices all organizations to see all the things while leveraging open source tools and platforms. The award-winning products are backed by the expertise of Pwnie Express Labs, the company’s security research arm. The company is headquartered in Boston, Massachusetts.

[Press Release]

NPR Blog Series Part 2: A Week in the Life

Note: Per our agreement with NPR, Pwnie Express is not disclosing any data collected during the research experiment with Steve Henn, but focusing it’s comments on providing education on the techniques used.

In my last post I described how I configured a Pwn Plug R2 to stream Steve Henn’s laptop and iPhone traffic from his home office to my analysis server in Vermont. Steve was acting as a proxy for the average Internet user, whose traffic could be monitored by any malicious intermediary. With our Pwn Plug now acting as a “web surveillance” drop box, we then proceeded with our first order of business: A week in the life of Steve Henn.

Note our approach here was not to emulate advanced NSA surveillance techniques, such as exploitation of SSL protocol weaknesses, malware delivery, or other “active attacks”. Instead, we focused on what the NSA, your ISP, the dude with a Pwn Phone at your local coffee shop, or any number of other intermediaries can discern about an individual by passively monitoring the enormous amount of Internet traffic that’s still transmitted in clear-text (unencrypted) today.

With just a week’s worth of web traffic I was able to assemble a rather thorough personal profile of Mr. Henn. Between Steve’s day-to-day laptop/iPhone web traffic and some additional testing in Pwnie’s lab environment, we were able to capture:

  • Passwords
  • Phone numbers
  • Email addresses
  • Physical location
  • VoIP/SIP phone calls
  • Cell carrier parameters
  • Audio recording from an FTP file transfer
  • Search keywords
  • Personal interests & shopping habits
  • Session keys & cookies
  • Universally-unique session IDs
  • Make, model, & BIOS/firmware versions of laptops, mobile devices, & printers
  • Installed OS/application versions & patch levels (including AV software)
  • Running Windows processes, exe/dll versions, & connected USB devices
  • MAC addresses, internal IPs, & other unique device identifiers
  • Log of all visited domains, websites, & countries
  • Images, photos, software downloads, SSL certificates

In this post I’ll describe the techniques I used to extract this information from raw web traffic. This analysis was completed on a Pwn Plug R2 (via SSH) with the following open-source tools installed: tcpflow ngrep tshark ssldump p0f pads trafshow tcpxtract pcregrep tcpslice dsniff xplico argus libplist-utils

The below examples reference a “CAPFILE” variable, which can be set to your target tcpdump capture file as follows:

$ CAPFILE=”June-3.cap”

Extracting clear-text passwords:

$ ngrep -I “$CAPFILE” -W byline -q -t | egrep -i “password=|pass=|secret=|^PASS |^USER ”
$ dsniff -p “$CAPFILE”

Extracting phone numbers:

$ tcpflow -r “$CAPFILE” -c -s port 80 | pcregrep -o “[^a-zA-Z0-9](\d{3}).(\d{3}).(\d{4})[^a-zA-Z0-9]” | pcregrep -o “(\d{3})-(\d{3})-(\d{4})|(\d{3})\.(\d{3})\.(\d{4})”

Extracting email addresses:

$ tcpflow -r “$CAPFILE” -c -s | grep -v “\.\.” | pcregrep -o ‘\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6}’

Extracting clear-text credit card numbers:

$ ngrep -I “$CAPFILE” -q -t ‘(\s|^)([0-6]\d\d|7[0-256]\d|73[0-3]|77[0-2]) \d{2} \d{4}(\s|$)’
$ ngrep -I “$CAPFILE” -q -t ‘(\s|^)(6011|5[1-5]\d{2}|4\d{3}|3\d{3})-\d{4}-\d{4}-\d{4}(\s|$)’
$ ngrep -I “$CAPFILE” -q -t ‘(\s|^)(6011|5[1-5]\d{2}|4\d{3}|3\d{3})\d{12}(\s|$)’

Extracting clear-text social security numbers:

$ ngrep -I “$CAPFILE” -q -t ‘(\s|^)([0-6]\d\d|7[0-256]\d|73[0-3]|77[0-2]) \d{2} \d{4}(\s|$)’
$ ngrep -I “$CAPFILE” -q -t ‘(\s|^)(6011|5[1-5]\d{2}|4\d{3}|3\d{3})-\d{4}-\d{4}-\d{4}(\s|$)’

Extracting physical location (GPS latitude & longitude) from iPhone Weather app traffic:

$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST|HTTP/)’ port 80 |egrep “%2Clatitude%2Clongitude%2C”

Extracting VOIP/SIP call data:

$ ngrep -I “$CAPFILE” -W byline -q -t | grep -v “\.\.” |grep SIP

Decoding Apple device plist files to obtain cell carrier parameters:

First, use xplico to carve the plist XML files out of the packet capture:

$ xplico -l -m pcap -f “$CAPFILE”

Then, use plutil to decode the plist XML files into readable strings:

$ plutil -i “xdecode/bag” |strings > iphone_plist_bag.txt
$ plutil -i “xdecode/bag(1)” |strings > iphone_plist_bag1.txt
$ plutil -i “xdecode/getBag%3fix\=1” |strings > iphone_plist_getBag.txt
$ plutil -i “xdecode/version(1)” |strings > iphone-plist-cell-carriers.txt

Carving out & listing audio/video files, images, photos, executable files, SSL certificates, etc:

$ xplico -l -m pcap -f “$CAPFILE”
$ find xdecode/

Extracting keyword strings from HTTP Referer values:

$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST)’ port 80 | egrep “^GET |^POST |^Referer: ” | egrep -o “[a-z-]*” | egrep “[a-z-]*-[a-z-]*-” | egrep -v “(^-|-$)”

Displaying Microsoft Bing Search keywords:

$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST|HTTP/)’ port 80 | egrep “”

Displaying Amazon product searches:

$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST|HTTP/)’ port 80 | egrep “”

Extracting cookies, session IDs, keys, tokens, etc:

$ tcpflow -r “$CAPFILE” -c -s port 80 | grep -v “\.\.” | egrep “^Set-Cookie|oauth|UUID||session.token|Authorization:”

Extracting make, model, & BIOS/firmware versions of PCs & mobile devices from Microsoft Windows error reporting, Apple iDevice browser, & Android YP app traffic:

$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST)’ port 80 |egrep “^T |^GET |^Host: ” |egrep -B2 “$”
$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST|HTTP/)’ port 80 | egrep “X-Device-Info: ”
$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST|HTTP/)’ port 80 | egrep “macAddress=|device_name=|device_type=|os_version=|dev=”

Displaying client OS/applications & versions:

$ ngrep -I “$CAPFILE” -W byline -q -t port 80 | egrep “^User-Agent: “

Extracting running processes, exe/dll versions, & connected USB devices from Microsoft Windows error reporting traffic:

$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST)’ port 80 |egrep “^T |^GET |^Host: ” |egrep -B2 “$”

Top 10 domains:
$ tcpdump -nn -r “$CAPFILE” port 53 | egrep ” A\? ” | awk ‘{print$8}’ | egrep -io “[a-z0-9]*\.[a-z]*\.$” | sort | uniq -ic | sort -nr | head |awk ‘{print$1,$2}’

Top 10 websites (based on number of HTTP requests):
$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST)’ port 80 | grep “^Host:” | sort |uniq -ic |sort -nr |head |awk ‘{print$1,$3}’

Top 10 referers:
$ ngrep -I “$CAPFILE” -W byline -q -t ‘^(GET|POST)’ port 80 | egrep “^Referer: ” |sort |uniq -ic | sort -nr |head |awk ‘{print$1,$3}’

Top TLDs/countries:
$ tcpdump -nn -r “$CAPFILE” port 53 | egrep ” A\? ” | awk ‘{print$8}’ | egrep -io “\.[a-z]*\.$” |sort |uniq -ic |sort -nr |awk ‘{print$1,$2}’

List any weak/vulnerable SSL sessions:
$ ssldump -n -r “$CAPFILE” | grep “cipherSuite” | egrep -i “RC4|MD5|EXP|NULL|_DES|ANON|64″ | sort | uniq -c | sort -nr | awk ‘{print$1,$2,$3}’

Pwnie Express turns the Nexus 5 into a powerful white hat hacking tool

Pwnie Express Turns the Nexus 5 Into a Powerful White Hat Hacking Tool

By Andrew Grush

Part of the magic of Android is the flexibility of the platform when it comes to customization and modding. With a little ingenuity, you can transform your Android-powered devices into just about anything — including a sweet hacking tool.

That’s exactly what Pwnie Express did to the Nexus 5, which it dubs as the Pwn Phone. Retailing for a pricey $1295, the Pwn Phone utilizes Nexus hardware but switches out stock Android for a special variant that has a recompiled kernel and runs on its own derivative of Kali Linux on the back-end of Android.

The Pwn Phone’s custom ROM gives the device the ability to act as a USB host, allowing it to add on Wi-Fi, Bluetooth and Ethernet via adapters. The reason for the added on adapters are that they offer improved range and capabilities over what’s already baked into the phone.

(Original Article)

Pwnie Express and Splunk: Realtime Wireless & Bluetooth Visibility

As part of a recent collaboration between Pwnie Express and Splunk, Inc., we put together a simple “Pwnie-Splunk” dashboard showing a real-time stream of all wireless and Bluetooth devices detected by a Pwn Plug R2 on the RSA show floor.

To accomplish this, we cobbled together a few parsers for Airodump-NG and Bluelog output, which we then forwarded to the Splunk demo server via syslog.

The Bluelog parser is fairly simple. First, we launch Bluelog in daemon mode, recording Bluetooth device names and device types and logging all detected devices to a local log file on the Pwn Plug R2:

# Start bluelog and write output to local logfile
bluelog -nfdo /var/log/pwnix/bluelog-devices

Next, we forward a real-time tail of this log to the Splunk server:

# Forward newly detected Bluetooth devices to Splunk server
tail -f /var/log/pwnix/bluelog-devices | logger -u /tmp/ignored -d -P 514 -t bluelog -n "${splunk_server}" &

Ok, that was fairly painless. Parsing Airodump-NG output on the hand was a bit of a challenge. Airodump-NG does export to CSV. However, the resulting CSV contains binary blobs, MS-DOS newline characters, two separate sections (with header rows) for wireless APs versus wireless clients, and the CSV file is entirely overwritten every 5 seconds while Airodump-NG is running. Also, Airodump-NG has no native support for backgrounding or daemonizing itself.

We thus first launch Airodump in a detached screen session:

# Launch a detached airodump session that logs output in CSV format
screen -d -m -S AirodumpSession airodump-ng --output-format=csv --write=/var/log/pwnix/airodump "${monitor_interface}"

Next, because Airodump overwrites the CSV every 5 seconds, we need to establish a way to track “already known” devices to avoid duplicate log entries for devices already discovered by the running Airodump session. To accomplish this, we first log the initial list of client devices and APs detected by Airodump:

# Create initial list of client devices and forward to Splunk server
cat /var/log/pwnix/airodump-01.csv | tr -d 'r' | tr -cd '11121540-176' | awk -vRS='nStation MAC' 'NR==2 {print}' | egrep -v "First time seen|^$" | awk -F"," '{print$1","$6","$7,$8,$9,$10,$11,$12,$13,$14,$15,$16}' | tee "${local_logpath}"/airodump-known-clients | logger -u /tmp/ignored -d -P 514 -t wificlient -n "${splunk_server}"

# Create initial list of APs and forward to Splunk server
cat "${local_logpath}"/airodump-01.csv | tr -d 'r' | tr -cd '11121540-176' | awk -vRS='nStation MAC' 'NR==1 {print}' | egrep -v "^BSSID|^$" | awk -F"," '{print$1","$14","$6}' | tee "${local_logpath}"/airodump-known-APs | logger -u /tmp/ignored -d -P 514 -t wifiap -n "${splunk_server}"

The “tr” commands strip out the MS-DOS newlines and binary blobs. The first “awk” command then splits the wireless AP/client sections into a simple comma-separated list of each device type, then the second “awk” command organizes the output into the desired format for our syslog entries. The “tee” command writes the initial list of known APs/clients to a local file, and “logger” then forwards that same list to the Splunk server.

We now want to keep an eye on the Airodump CSV file and forward any newly detected APs/clients to Splunk. This is accomplished with the following while loop:

while [ 1 ]

# Extract wireless clients from airodump CSV file, append newly detected clients to airodump-known-clients, and forward newly detected clients to Splunk server
cat "${local_logpath}"/airodump-01.csv | tr -d 'r' | tr -cd '11121540-176' | awk -vRS='nStation MAC' 'NR==2 {print}' | egrep -v "First time seen|^$" | awk -F"," '{print$1","$6","$7,$8,$9,$10,$11,$12,$13,$14,$15,$16}' | grep -vxf "${local_logpath}"/airodump-known-clients | tee -a "${local_logpath}"/airodump-known-clients | logger -u /tmp/ignored -d -P 514 -t wificlient -n "${splunk_server}"

# Extract wireless APs from airodump CSV file, append newly detected APs to airodump-known-APs, and forward newly detected APs to Splunk server
cat "${local_logpath}"/airodump-01.csv | tr -d 'r' | tr -cd '11121540-176' | awk -vRS='nStation MAC' 'NR==1 {print}' | egrep -v "^BSSID|^$" | awk -F"," '{print$1","$14","$6}' | grep -vxf "${local_logpath}"/airodump-known-APs | tee -a "${local_logpath}"/airodump-known-APs | logger -u /tmp/ignored -d -P 514 -t wifiap -n "${splunk_server}"

# Repeat every few seconds
sleep 3

The “tr” and “awk” commands server the same purpose as when we created the initial list of APs/clients above. With the addition of the “egrep” command however, we can effectively de-duplicate our results by excluding any “already known” AP/client devices from our output and then appending any newly detected devices to the original list.

Pwnie-Splunk Dashboard Screenshot

Running this demo live at both the Splunk and Pwnie booths made one thing quite clear: It’s 2014, and most security conference attendees still do not disable the Wifi or Bluetooth functions of their mobile devices while on the conference floor. Within 10 minutes of launching the demo, over 1000 mobile devices appeared on our Pwnie-Splunk dashboard.


The State of Open Source Pentesting Tools

Penetration testers rely heavily on a challenging combination of open source and proprietary software. Most of these tools are available for free through various software repositories but who makes these tools and who maintains them? How up-to-date and robust is the ecosystem on which we stake our professional careers and test the security of some of the most important systems on the planet?

At Security B-Sides in San Fransisco, Pwnie Express developers Sam Stelfox and I (Gabe Koss) investigate the state of many uncommon and well-established tools. This talk looks at the various tools which are publicly available via the Kali Linux repositories from the perspective software development, maintainability and professional reliability.

In this talk we will:

  • Present statistical information about these tools
  • Place shame on projects which need to be better maintained
  • Highlight tools which are doing a good job
  • Make solutions to help the community at large better curate this complex ecosystem of tools

Drop by our talk at 4pm in the Main Room (Track 1) of the DNA Lounge.

About Security B-Sides

Security B-Sides is the first grass roots, DIY, open security conference in the world!  Security B-Sides is a great combination of two event styles: structured anchor events and grass-roots geocentric events. B-Sides San Francisco is a 2-day information security conference taking place on February 23rd and 24th at the DNA Lounge. Each day will feature two speaking tracks. Admission is free, on a first-come, first-served basis.

Click here to learn more about B-Sides San Francisco.

Vulnerability Assessment and Penetration Testing Across the Enterprise

In this new white paper by Pwnie Express, we provide an overview of vulnerability assessment and penetration testing. We demonstrate why such measures are critical to the long-term health and success of enterprises across vertical industries. We also present the features and benefits of Pwnie Express’s technologies, which are the only vulnerability assessment and penetration testing solutions on the market that assess wired and wireless network security in hard-to-reach remote locations, simply, cost-effectively and on demand.

[button link=”” size=”large” color=”red”]Download Now…[/button]


Today’s increasingly complex enterprise IT infrastructures consist of hundreds if not thousands of systems and subsystems generally distributed and often in hard-to-reach locations.  The growing use of varying technologies by enterprises and their employees as wired and wireless systems evolve makes the task of assessing the security risks associated with the seemingly endless stream of vulnerabilities and attack vectors ever more pressing and difficult.

IT security team members need to be all seeing, all knowing. They require continuous insight into who and what is hitting their infrastructure and must adopt vulnerability assessment and penetration testing as an integral part of their security and risk management.  For IT staffs responsible for maintaining the infrastructure and continually evaluating the security posture, vulnerability assessment and penetration testing will enable them to:

  • See all the things.  Vulnerability assessment and penetration testing provides critical visibility, showing the weaknesses in all aspects of an organization’s infrastructure. By obtaining this invaluable insight on demand in both wired and wireless networks, an organization can identify which threats pose real exploitable risks and can intelligently manage them.
  • Meet compliance mandates. Federal governments and industry consortiums have recognized the escalating cyber crime threat and subsequent increasing number of breaches. To mitigate risk they have established regulations like the Payment Card Industry Data Security Standard (PCI DSS). Implementing a strong assessment and testing program enables organizations to provide the information they need to meet compliance and more importantly heighten their actual security posture.
  • Avoid network downtime. In the short term, recovering from a security breach can result in lost revenues, and costly and timely OT remediation efforts.  In the long term, downtime could lead to customer flight and cost an organization millions of dollars. By preventing interruptions customers can continue to transact and revenue can continue to flow.
  • Maintain corporate brand. Every single incident of compromised customer data also can be costly to a company’s reputation as trust is breached.  By seeing all the things organizations now have insight into potential threat vectors across their entire distributed infrastructures enabling them to prevent or quickly mitigate breaches to ensure their brand equity remains intact.
  • Justify existing security investments. Vulnerability assessment and penetration validates the effectiveness of an organization’s current security infrastructure. The increased visibility can be used to demonstrate what, if any, additional security technologies need to be instituted and/or security measures need to be taken.


Focused on Making Network Security Improvement Easier

I want to explain my excitement about joining the Pwnie Express team and talk about what we are doing. I am excited to join Dave Porcello. For those of you who are new to Pwnie Express, Dave founded the company after he developed a way to easily assess the security of remote locations with low profile Pwn Plugs that work the moment they are plugged in. He then created a very cool Pwn Pad to arm mobile security professionals charged with protecting their organizations.

A couple of years ago, Dave left his day job and started selling these stealthy plugs full time out of his basement in Vermont. The Pwn Plugs and Pads are smart and pack an incredible amount of capability into a small device, costing just over $1,000 dollars each. These powerful, low profile little gems can see all the wired and wireless connections in a location and that’s only the beginning of what they can do. 406 Ventures and Fairhaven Capital invested in Dave and his idea and I had the opportunity to join him.

We now opened a small office in Boston’s Seaport and maintain our research lab in Vermont. We are building a team that is focused on continuing to make it incredibly simple to see all the things in your remote networks, wired and wireless, and know if and how your network security is working.

Most companies have limited knowledge of what’s going on in remote locations because assessments are costly and difficult to conduct in distributed enterprises with far flung branch offices and firewalls by design limit visibility and testing. Because Pwnie Express operates without compromising security policies and the devices can be easily shipped and plugged in, we make it effortless for organizations to monitor all of their remote locations from one point.

Stay tuned as we develop new, straightforward and more powerful devices as well as a secure central service that will make it simple to see and know about all the things running in your remote locations.

We believe it is important to make it easy for organizations to improve their network security while dramatically lowering the costs to assess remote locations.