Posts

Introducing the Pwn Pad 4: the latest Pwnie mobile sensor for wired, wireless and Bluetooth device detection, classification, and penetration testing

We’re excited to announce pre-sale of the Pwn Pad 4, a commercial-grade security tablet designed for remote security assessment. The Pwn Pad 4 combines a portable security detection and pen-testing tool with a powerful enterprise security platform. In addition, even the pentesting abilities have some exciting new features: with Kali Rolling and Blue Hydra (a Pwnie-developed capability), it’s the only pentesting tablet with Bluetooth capabilities that offers energy-efficient and conventional Bluetooth detection and fingerprinting.

The Pwn Pad 4 features the following enhanced capabilities:

  • Blue Hydra: An industry first from Pwnie Express, the Pwn Pad 4 now includes Blue Hydra, the first device discovery software capable of detecting low power and classic Bluetooth devices.
  • Portable Pen-Testing Doubling as Threat Detection Sensors: The tablet is completely integrated with Pwnie Express’ Pwn Pulse SaaS platform for real-time wired and wireless, BYOD and IoT threat detection. This allows security professionals to leverage the versatile pen testing capabilities of a portable pad with the centralized visibility and historical records of enterprise data.
  • Kali Linux Rolling Distribution: The tablet comes prepackaged with the latest Kali Rolling edition, which includes an arsenal of tools and scripts for the hands-on, on-the-go cyber security professional.
  • Enhanced Configuration and Setup: The Pwn Pad 4 is more user-friendly than its earlier counterparts, with a consumer-like setup and configuration wizard that allows customers to streamline the initial implementation, upgrading and use of non-Pwnie Android apps.  

The Pwn Pad 4 is now available for pre-sale and will be generally available on June 1.  For more information, please visit  or contact sales@pwnieexpress.com or call (855) 793-1337.

Remote Site Security with Pwn Pulse

Continuing in our series about Pwn Pulse and its potential uses is the following “fair weather” example. While many associate Pwnie Express tools with penetration testing, they can also be useful for assessing the health of your security processes.

The day-to-day security operations of an average network are not terribly exciting. Once everything is set up and running, the routine of checking to make sure everything is working correctly takes up most of your time.

That’s bad enough if you’ve only got one location to contend with, but what if you have remote branches? Hiring staff to handle security issues at the various branches may not be an option, so time will have to be split up between them all. If you have to physically visit these remote locations, the problem becomes even worse. Time spent on the road is time wasted.

The reality is, remote branches are often ignored unless a serious problem develops. There simply isn’t enough time in the day to make a sweep of all the locations to ensure everything is working smoothly. The irony is that if you could keep a closer eye on the remote branches, you’d be able to head off a lot of problems before they took root, saving you time in the long run.

Pwn Pulse provides a window into the devices operating in these locations. You can use Pwn Pulse not only to keep an eye on your location, but also as a comparison to your standing security assessment tools.

 

Practical Example: Small Bank

Imagine that you were in charge of the network for a small independent bank that has a main branch and 6 smaller branches all within a 10 mile radius. The branches are too small and close together to justify the expense of hiring IT staff for each one, so you have to balance your time between them all. But the main branch has the largest number of users and is arguably the most important, so in practice the majority of your time is spent there. The remote branches are left to languish on their own, in hopes that nothing major comes up.

Unfortunately, if something does come up, it could very easily affect your entire network. Remote site security is too often overlooked, the assumption being that no important data is stored in these locations. However, this assumes “perfect security practice,” a situation which can rarely be emulated in real life. Even with appropriate segmentation of the remote site and headquarter networks, login credentials found with an EvilAP could provide an attacker direct access to the sensitive information you keep behind firewalls.

Pwn Pulse is the solution to that remote site gap. Automated asset discovery and rogue device detection give security professionals potentially located at headquarters or another location a fuller picture of security at the remote location. Even more importantly, it is a complete picture. With the ability to run vulnerability scans against your network on a predetermined schedule, you can make sure that all computers are downloading and applying the appropriate updates. If you know an update was pushed out to fix a specific vulnerability, and there are machines in your network still susceptible to it, you’ll know which machines need to be more closely examined.

You can see trends across networks (i.e. seemingly random rogue access points run on similar hardware at three different branches in the same neighborhood), you can pinpoint problem areas across the organization (i.e. guest wireless is frequently used by new employees), and you can understand the behavior not only of your network, but of the devices connecting to it.

 

Infinite Possibilities

These are just a few of the possible applications of Pwn Pulse. Downtime is wasted money, and Pwn Pulse can save security and IT staff effort which is better directed towards larger issues.

 

Distributed Security with Pwn Pulse: An Introduction

Since 2012, Pwnie Express has been a pioneer in the field of professional-grade penetration testing “dropboxes,” starting with the original Pwn Plug and continuing up to the latest R3 version. These devices, essentially tiny computers loaded with the latest security tools and the engineering to tie it all together, can be deployed at remote locations and report back to a security auditor from halfway across town, or the world. With the Pwn Plug, the security auditor simply needs to ship the device to the location to be audited and instruct whoever receives the package to plug it in; absolutely zero technical expertise is required on the receiving end.

The Pwn Plug allows a security auditor to monitor a remote location as if they were there themselves, greatly cutting down on cost and increasing response time. It allows one person, from a central location, to monitor multiple remote branches for changes in network topography or operation. If a new piece of hardware was added to the network, or some suspicious activity started consuming resources, it could be found and identified without having to physically visit the location.

But if there was one piece of the puzzle missing, it was a way to turn all of the raw data collected by remote Pwn Plugs into a concise, real-time, overview of the network. Managing the deployed Pwn Plugs could become a daunting task for operations utilizing them at multiple branches, and important clues could slip through the cracks.

 

Pwn Pulse

This is where Pwn Pulse comes in. Rather than thinking of the Pwn Plugs as remotely deployed computers that you manually interact with, Pwn Pulse re-envisions them as remote sensors. The data from these sensors is collected, filtered, and displayed to give the operator a snapshot of the overall network no matter where they are. Built-in analytics can identify trends in data over the entire network, or drill down to a single location. From rogue access points to an unfamiliar smartphone, network anomalies which may have otherwise gone unnoticed are immediately visible.

But Pwn Pulse isn’t limited to simply collecting data passively. It can also launch automated penetration tests and vulnerability scans from the remote sensors; so not only can the auditor see if a user has brought in their own device from home, they can instantly scan it for common vulnerabilities to determine its possible risk to the network. Scans can also be configured to run periodically, making sure the network is always operating as securely as possible.

 

Distributed Security

The value of a distributed security system such as Pwn Pulse is easy to understand in scenarios where there simply aren’t enough security professionals on staff to cover all of the remote branches in the organization. Rather than abandon the less utilized branches so manpower can be devoted to the higher priorities, Pwn Pulse allows the staff to virtually be everywhere at once.

Take as an example a bank which has multiple small locations in addition to its main headquarters. The smaller locations don’t have on-site IT staff, and outside of the occasional visit would generally be left on their own in terms of routine preventative network maintenance. These are the kind of locations attackers love to target, and for good reason.

But with Pwn Pulse the situation is completely different. A Pwnie sensor can be shipped to each location, and all they have to do at the branch is plug in the power and Ethernet. After that, the sensor will call back home to Pwn Pulse and start adding its data to the collective. Rather than being a haven for attackers who want to remain undetected, every branch is now just as well protected as the others.

Naturally, increased security is the biggest advantage of a distributed security system, but it isn’t the only one. Organizations utilizing Pwn Pulse save money by not needing to staff each location with a security professional, and save downtime by keeping the IT staff constantly apprised of network health.




Job description: Infosec Ranger at Pwnie Express

Help Net Security

November 14, 2014

By Mirko Zorz

 

When I learned that well-known hacker and conference speaker Jayson Street decided to join the Pwnie Express team, I knew this was the perfect time for an interview.


You’ve been highly independent, traveling the world on assignments for several years. What made you settle down to work for Pwnie Express?

The main thing that drew me to working with Pwnie Express was the team and their commitment to being part of the broader community. From the very beginning Pwnie Express’s founder Dave and his crew were always part of the community. They don’t just sponsor community conferences – they also give out their PWN devices for free. No matter how much they grow I know they will never forget their roots!

On a side note, a funny behind the scenes story on my introduction to the team: I was first approached by Dave at DerbyCon this year. He introduced me to Paul the CEO of Pwnie Express and we had a great conversation. Though later that night I met Paul again but this time I was in a bright yellow Minion onesie. Upon seeing him I sheepishly said to him, “So rethinking the idea of having me working with your team?” His response was to laugh and say, “Oh no, this confirms it – you’re a perfect fit.”

 

(Original Article)

Enterprises Embrace Pwnie Express’s “Pwn Pulse” SaaS Security Assessment Solution

First of Its Kind Enterprise-class Offering Provides Remote Location Intelligence

Boston, MA, October 21, 2014 – Enterprises across verticals have lauded Pwnie Express’s new Pwn Pulse software as a service (SaaS) solution, calling it “groundbreaking”  for its ability to easily provide visibility across their remote locations. The enterprises were taking part in the Beta program for Pwn Pulse, which became publicly available today.

“Pwn Pulse allows us to have true policies in regards to our networks and computers and a true way to test them,” said Eric Gilbert, Manager of IT Operations for Black, Mann & Gramm, L.L.P, who took part in the Beta program. “It gives us the ability to not only have the policies on hardening our hardware but also a way to verify that it’s where it’s supposed to be.”

Gilbert touted the system’s ease of use and management console, stating that you don’t have to be a “security guru” to fully leverage Pwn Pulse.

“For Amarillo National Bank security of our customers’ information is paramount. We already know the power of Pwnie’s sensors that currently provide us with unprecedented wired and wireless asset discovery at our remote sites,” said Bill Davis, Data Security Officer at Amarillo National Bank. “We are excited to be taking part in the Pwn Pulse Beta program because it solves the pressing problem of continuous and comprehensive assessment of remote locations.”

Pwnie Express is the only company to assess wired and wireless network security in remote locations on demand. The Pwn Pulse enterprise-class offering uses Pwnie Express’s easy-to-deploy sensors combined with central management to provide highly scalable continuous intelligence across remote locations.

An end-to-end security assessment solution designed specifically for hard-to-reach distributed remote sites, Pwn Pulse delivers real-time wired and wireless asset discovery, continuous vulnerability scanning, pentesting, risk trending and alerting.

The Pwn Pulse solution also scored top marks in a comprehensive security audit performed by leading security-consulting firm TrustedSec, LLC.

“We were very impressed with how Pwn Pulse compared to the security of most other SaaS platforms,” said Dave Kennedy, President and CEO of TrustedSec. “Pwnie Express is clearly paving the way to a new baseline security profile for SaaS.”

Pwnie Express is known for its drop-box penetration testing solutions, and the new SaaS solution completes the entire enterprise security assessment lifecycle. The solution delivers a robust centralized management console that:

o   Allows for out-of-the-box deployment of sensors

o   Aggregates and correlates sensor data

o   Provides trending and analysis of data with the ability to drill down to sensor asset level

Pwn Pulse also easily and seamlessly integrates with existing security information and event management (SIEM) products.

Product benefits:

o   Provides a cost-effective lightweight, non-intrusive and easy-to-deploy solution for remote locations

o   Delivers the most comprehensive asset discovery to remote sites

o   Extends vulnerability management to remote sites

o   Enables subsequent on-demand penetration testing to remote sites

o   Allows for easy anywhere multi-site deployment

o   Increases frequency and scope of remote site assessment

o   Expands awareness of wired, wireless, BYOD and rogue devices across all sites

o   Addresses PCI DSS and HIPAA compliance requirements at remote sites

o   Reduces travel and operational overhead required to do security testing

“Securing wired and wireless connections at remote locations has never been more critical with the proliferation of access points exponentially expanding the enterprise attack surface,” said Dave Porcello, CTO and founder of Pwnie Express. “Attackers seek the easiest point of entry, and today, with the widespread use of wireless devices, from printers to BYOD, and the lack of visibility into these locations, it has never been easier.”

Pwn Pulse provides consolidated asset discovery, vulnerability scanning, and pentesting in a single unified solution to deliver actionable risk information showing organizations where they are most vulnerable. This allows organizations to focus on high probability threats and threat vectors.

It also helps organizations meet regulatory standards including the Payment Card Industry Data Security Standard (PCI DSS), which requires penetration testing for compliance.

Pwn Pulse’s integrated intelligence delivers continuous in-depth analysis to accurately identify attack paths, allowing organizations to extend their security from the headquarters across their entire organization.

Availability

Pwn Pulse is generally available. For more information please contact: sales@pwnieexpress.com, (855) 793-1337.

[Press Release]

Pwnie Express’s “Pwn Pulse” SaaS Security Assessment Solution Gets Top Scores in Rigorous Security Audit

TrustedSec Tests First-of-Its-Kind Enterprise Remote Location Intelligence Platform

Boston, MA, October 21, 2014 – Pwnie Express today announced that its new Pwn Pulse software as a service (SaaS) solution scored top marks in a comprehensive security audit performed by leading security-consulting firm TrustedSec, LLC. An end-to-end security assessment solution designed specifically for hard-to-reach distributed remote sites, Pwn Pulse delivers real-time wired and wireless asset discovery, continuous vulnerability scanning, pentesting, risk trending and alerting. The enterprise-class offering uses Pwnie Express’s easy-to-deploy sensors combined with central management to provide highly scalable continuous intelligence across remote locations.

“We were very impressed with how Pwn Pulse compared to the security of most other SaaS platforms,” said Dave Kennedy, President and CEO of TrustedSec. “Pwnie Express is clearly paving the way to a new baseline security profile for SaaS.”

Enterprises across verticals have lauded Pwnie Express’s new Pwn Pulse software as a service (SaaS) solution, calling it “groundbreaking” for its ability to easily provide visibility across their remote locations.

“Pwn Pulse allows us to have true policies in regards to our networks and computers and a true way to test them,” said Eric Gilbert, Manager of IT Operations for Black, Mann & Gramm, L.L.P, who took part in the Beta program. “It gives us the ability to not only have the policies on hardening our hardware but also a way to verify that it’s where it’s supposed to be.”

Pwnie Express CTO and Founder Dave Porcello welcomed the TrustedSec audit, remarking: “We are thrilled that Pwn Pulse performed so well after being pummeled by some of the top web application security pentesters in the industry. The fact that we scored so impressively with zero critical or high priority vulnerabilities validates our commitment to delivering a best-of-breed differentiated remote security assessment solution.”

Pwnie Express’s new SaaS solution completes the entire enterprise security assessment lifecycle. The solution delivers a robust centralized management console. It also easily and seamlessly integrates with existing security information and event management (SIEM) products. Product benefits include:

o   Provides a cost-effective lightweight, non-intrusive and easy-to-deploy solution for remote locations

o   Delivers the most comprehensive asset discovery to remote sites

o   Extends vulnerability management to remote sites

o   Enables subsequent on-demand penetration testing to remote sites

o   Allows for easy anywhere multi-site deployment

o   Increases frequency and scope of remote site assessment

o   Expands awareness of wired, wireless, BYOD and rogue devices across all sites

o   Addresses PCI DSS and HIPAA compliance requirements at remote sites

o   Reduces travel and operational overhead required to do security testing

Availability: Pwn Pulse is generally available. For more information please contact: sales@pwnieexpress.com, (855) 793-1337.

 

[Press Release]

Derby Con 4.0 – Guide to Louisville

Derby Con 4.0 will be September 24-28 in Louisville, Kentucky, and Pwnie Express will be on hand September 25-26 (and we might have stickers), so stop by the booth and say hello! We’ll be having a drawing for a free red Pwn Phone, one of only a few specially-made ones. In order to enter the drawing, stop by the booth and drop a business card.

Win a red Pwn Phone

In addition, two of the Pwnies will be leading a workshop called “Make Your Own Pwn Phone”  on Friday, Sept. 26 from 2:00pm – 4:00pm where you can, well, make your own Pwn Phone.  We will not, however, be providing phones — so remember to bring your own Nexus 5 or Nexus tablet if you want to participate. In addition, we will be selling the “Pwn Pad DIY kit” and the “Pwn Pro DIY kit;” full kits with all the adapters, case, velcro, etc. at the booth.

Though Derby Con is the reason to go, Louisville is also a great place to explore: in addition to the amazing food and the Kentucky Derby, Louisville is the home of Bourbon and some pretty great bars. Aside from the “standard” touristy sites, check out Louisville’s Mini Maker Faire on Saturday, September 27th and the local hackerspace LVL 1.

Start your tour of Louisville with the standard touristy sites on Main Street and Museum Row: for all you boxing fans, there’s the Muhammad Ali Center, a museum dedicated to the life and vision of Muhammad Ali. Those who prefer baseball can check out the Louisville Slugger Museum, a museum dedicated to the “Louisville Slugger” baseball bat and baseball history in general. Though Slugger field might not have games this time of year, the field’s gastropub Against the Grain is always open, with a great selection of craft brew and (word has it) some of the best beer cheese around. The 21C, a hotel voted #1 Hotel in the South, is also on the row and has an incredible contemporary art museum.

If music and food are more your style, Fourth Street Live is a great destination for restaurants, bars, lounges, and a food court with some of the best BBQ in the nation. For those willing to go a bit off the beaten path, Bardstown Road is a quirky, offbeat foil to the more touristy Fourth Street Live. Bardstown Road includes the Phoenix Hill Tavern, the oldest nightclub in the city, and comedy club Comedy Caravan (featuring the Laughing Derby).

Of course, Churchill Downs, home of the Kentucky Derby, will be hosting races during the weekend of Derby Con. Check out their calendar of events to find races and other happenings. More of historical Louisville can be found at the Seelbach Hilton, a hotel featured in Fitzgerald’s Great Gatsby and one of the places where he wrote the book. Old Louisville has the country’s largest collection of Victorian architecture, and the Bourbon Trail is a historical icon of a slightly different sort.

Hope to see you soon!

Pwnie Express Targets Remote Locations With New Cloud-based Security

By Fahmida Y. Rashid

Pwn Pulse Combines “Hack-in-a-box” Sensors with Central Management for Remote Location Intelligence.

Pwnie Express, the experts behind the network security testing platform that powers the Pwn Pad, Pwn Plug, and Pwn Phone, have launched a software-as-a-service (SaaS) version. Called the Pwn Pulse, the platform allows network security professionals to deploy sensors and collect real-time information about the state of wired and wireless networks. Pwn Pulse allows real-time asset discovery for both wired and wireless assets, provides continuous vulnerability scanning, supplies penetration testing tools, and offers risk-trending and alerting capabilities, the Boston-based company said.

Read Article