Pwnie Express Releases Next Generation of Groundbreaking Pwn Pad

Vulnerability Intelligence and Penetration Testing Tablet is Faster, Lighter and Easier to Use than Ever

December 18, 2013

Pwnie Express today announced the release of the latest version of its lauded Pwn Pad, a tablet that provides IT professionals unprecedented mobility and ease of use in assessing wired and wireless networks.

The leader in vulnerability intelligence and penetration testing devices, the latest Pwn Pad, the Pwn Pad 2014, is faster, thinner, lighter, sharper and easier to use than ever. The ideal choice for pentester’s who are on the road or conducting a company or agency walk through, the new version of the Pwn Pad with its 7” tablet screen offers a streamlined ‘one-click’ software update process, making it to easy update.

“We are thrilled to announce the latest version of the Pwn Pad,” said Dave Porcello, Pwnie Express CTO and founder. “Using the popular Nexus 7 tablet from Google, the Pwn Pad 2014 offers a custom Android front-end with one-touch pentesting applications as well as a custom Kali Linux back-end with a comprehensive pentesting suite.”

Pwn Pad Core Features Include:

  • Custom Android front-end with one-touch pentesting applications, including Evil AP, Strings Watch, Full-Packet Capture, Bluetooth Scan, & SSL Strip
  • Custom Kali Linux back-end with comprehensive pentesting suite, including Metasploit, SET, Kismet, Aircrack-NG, SSLstrip, Ettercap-NG, Bluelog, Wifite, Reaver, MDK3, & FreeRADIUS-WPE
  • Simple web-based administration and in-product updates with “Pwnie UI”
  • 6 different covert channels to tunnel through application-aware firewalls & IPS
  • High performance CPU/GPU, large HD display, powerful battery (up to 9 hours active use)
  • External high-gain Bluetooth supporting packet injection (up to 1000′)
  • External USB-Ethernet adapter for wired network pentesting

Pwnie Express provides cost effective, rapid deployment products comprised of innovative sensors available in a variety of form factors that deliver previously unattainable intelligence that makes it incredibly easy to evaluate risk in remote and distributed environments. More than a 1000 enterprises across verticals including retail, finance, health, and manufacturing as well as service providers and government organizations rely on Pwnie Express to know who and what is accessing their networks.

About Pwnie Express
Pwnie Express is the leading provider of innovative sensors that assess network and wireless security risks in remote locations. Over 1000 enterprises and government organizations worldwide rely on Pwnie Express’s products to conduct drop-box penetration testing and receive unprecedented insight into their distributed network infrastructure. Pwnie Express’s smart devices leverage open source tools and platforms. The award-winning products are backed by the expertise of Pwnie Labs, the company’s security research arm.

[Press Release]

European Parliament Gets PWNED

By Rene Millman

On Monday the 25th of November a memo was released to the  European Parliament Free Software User group mailing list announcing that they were going to be disabling the public wireless network. This is in response to a man-in-the-middle style attack which successfully intercepted traffic between cell-phones and the unencrypted wireless.

UK Tech Blog IT Pro did a writeup of the attack in which they suggest that the attack occurred when “hackers set up an “evil twin” wireless router near the building in Strasbourg and had stolen the usernames and passwords of 14 people at the European Parliament.”

As more employees bring their own devices into the workplace, businesses face the challenge of enforcing corporate security policies on consumer devices that are not solely controlled by the IT department,” said Jason Hart, vice president of cloud solutions at security firm SafeNet. “Most employees now store a wide range of both personal and business information on their mobile devices, so this lack of control exposes businesses to serious security vulnerabilities in the form of data breaches and unauthorised access.

This sounds strikingly similar to the “Evil AP” tool offered on Pwnie Express’ Pwn Pad line of products.
In the Evil AP attack the Pwn Pad tablet identifies networks which are being requested by other devices in its area. It accepts the requests for connection and acts to route their traffic through to the Internet allowing for redirection to malicious services or, as in the case of the European Parliament, interception of transmitted data and credentials. Devices with insecure wireless configurations are easily identifiable using this technique.

Announcing the Pwn Plug R2!

Today we’re very proud to announce a new product, the Pwn Plug R2.

This brand new release builds on the massive success of the Pwn Plug Elite, and brings with it a number of customer-requested features.

Ars Technica says it best: “inside, it’s really a Linux-powered NSA-in-a-box, providing white hat hackers and corporate network security professionals a “drop box” system that can be remotely controlled over a covert Internet channel or a cellular data connection.”

Hardware-wise, we have great news: no more external dongles for dual-ethernet or wireless! The R2 has onboard high-gain wireless and dual-ethernet, external high-gain Bluetooth, 4G/GSM cellular, and more builtin storage.

This release also brings the newest version of our Pwnix software to the device as well, allowing the system to be updated easily, and laying the groundwork for integration with other Pwnie Express products.

We’ll be at Black Hat and DEFCON all week showing it off, stop by, say hello, and take a look at the R2!

Click here to see the full specs for the Pwn Plug R2.


UPDATE: Yep, we’ll absolutely still be supporting the original Pwn Plug via the regular support channels.

Exfiltration and Covert Channels in Cyber Defense Magazine

Hey all, we wanted to give you a heads up on an article we put together in the new Cyber Defense Magazine. The article talks about current data exfiltration techniques – both by automated and manual techniques, and commonly used tools in that environment. Here’s a small excerpt from the article:

A point of access must first be established – this is what is traditionally referred to as the security breach. This is commonly occuring via a client-side exploit, weak system credentials, or SQL injection. According to recent reports, the most commonly used technique today by sentient attackers is via your own remote access applications – RDP or even your own VPN.

Once that point of access is obtained, the attacker then goes looking for interesting data in the environment. Data at rest is often gathered via built-in Windows shares or FTP, and data in transit is gathered with a variety of techniques, the most common of which is now parsing memory, where data is unencrypted and available for the taking.

Attackers are likely to use your own built-in tools to exfiltrate data too. Because these remote access tools are typically encrypted, and traditionally hard to inspect, this is an easy way for the attacker to pull data out of the environment without detection. One of the best things you can do to protect yourself is monitor usage of the channels, and watch for anomalies.

Today’s malware is also using common internet protocols to send your data out. Partially because of the complexity of automating remote access solutions, and in part due to the availability HTTPS, FTP and SMTP libraries, these protocols are often used by malware to send data out of the environment.

The article goes on to talk about advanced techniques in data exfiltration, something we’ve focused on a lot here at Pwnie Express:

Using a technique called “tunneling,” data can be encrypted in archives or in transit, limiting the ability to inspect it at a proxying firewall – It just looks like traffic over HTTP/S, or DNS, or ICMP, among others. These are commonly referred to as “covert channels.” With covert channels, attackers can hide what they are saying or passing by writing a message inside a message, much like stenography can hide a picture inside a picture.

We fact-checked against the recent breach reports, specifically Trustwave’s excellent ‘Global Security Report‘. If you’re interested in the full article, check out Cyber Defense Magazine.

Distributed Penetration Testing Becomes Easy With Pwnie Express Citadel PX

By Ritu Saxena

Pwnie Express, the company that came into existence in late 2009, with a mission to provide innovative security assessment products for today’s enterprises, has recently announced an all new security assessment and remote penetration testing product for distributed enterprises called Citadel PX. Citadel PX forms the core part of Pwnie Express’s vision of controlling enterprise-wide penetration testing and security assessment from a single interface.

Citadel PX is a scalable and rapid-deployment solution backed by hardware or virtual sensors which continuously monitors the network, runs vulnerability assessments, and conducts penetration tests from anywhere in the world. The console or Command Post serves a central interface to manage the sensors and gather results. Once the sensors are installed and configured, they initiate a reverse connection back to the Command Post, giving IT Admin control of their capabilities and automation.

 (Original Article)

What’s in your pentesting kit?

We were recently working on an audit of the Pwn Appliance, checking to ensure each tool was documented, relevant, useful, AND up-to-date. If you look at the pure number of tools, we’re a little slanted toward tunneling, network pentesting, and wireless utilities right now, but of course you have root access to your device, and can install whatever you’d like.

We’re loving the stories we get of folks using tools like SET, BeEF, or SQLMap on internal networks after tossing it in the corner.

Here’s a high-level view of the toolkit:


And here’s the full list of packages (note there are some others that are not installed via package, but this covers the majority). We believe that Pwnie devices firmly belong in the pentester’s toolkit – whether you’re doing local or remote network, webapp, wireless, or physical work.

Many testers have encountered scenarios where (lack of) Internet access or time dictated that their toolkit be prepared in advance of a test. Particularly for on-site work.  What’s your pentesting kit consist of? Which hardware? Which software?