penetrationtesting
Latest
Pwnie Express' Pwn Plug R2 lets you hackproof networks over 4G
Pwnie Express has a knack for stuffing powerful security testing tools into innocuous housings, and this time they're flexing that unique talent with the Pwnie Plug R2. Ars Technica's gotten ahold of the contraption ahead of its debut at the Black Hat conference, and it's boasting a healthy number of upgrades, including 4G service through AT&T and T-Mobile. Security hawks keen on testing network safety will be greeted with a fresh UI, one-click penetration tests and a new OS dubbed Pwnix, which is a custom version of the Debian-based Linux distro Kali. When it comes to hardware, the box packs a 1.2GHz Armada-370 ARM CPU, 1GB of RAM, a 32GB microSDHC card, a pair of gigabit Ethernet ports, a high-gain industrial Bluetooth adapter, two USB slots and a microUSB port. Naturally, the package supports WiFi 802.11 b/g/n and carries a SIM slot. If the $895 asking price doesn't make you flinch -- or you dig daydreaming about hacking for good or evil -- venture to the source for a breakdown of the gear's abilities.
Pwnie Express launches the Pwn Pad, takes hackproofing on the road
Pwnie Express-made security tools like the Power Pwn have mostly been stationary creatures that aren't much help when checking for network vulnerabilities on the move. There's now a more mobile version, though, in the Pwn Pad. The kit combines a Nexus 7 with USB-based Bluetooth, Ethernet and WiFi to gauge the security of a network beyond what Google's tablet can manage on its own. Ubuntu Linux is available in the Pwn Pad's software loadout, but part of the appeal comes from running a suite of tools in Android that aren't always available on the platform, such as Kismet. The $795 price will seem steep to those who bought the plain Nexus 7 at a quarter of the price, although it might end up being a discount for security gurus who want to leave bulkier tools -- even their laptops -- at home.
Silica hack "tester" perhaps too good at its job
As if we didn't have enough cause to be paranoid about WiFi hacking, Justine Aitel has worked out a way to do it completely automatically -- your ports will never be safe again. Justine's Immunity Inc. has developed a tool it calls Silica, which runs a custom version of CANVAS, Immunity's point-and-click attack tool, on a Nokia 770. The 770's touchscreen displays three simple buttons: "Scan," "Stop" and "Update Silica." As soon as you hit Scan, Silica can start hopping onto WiFi networks, search for open ports, and automatically launch code execution exploits. For instance, you could set Silica to download anything of interest off of exploitable file shares, then put the 770 in your pocket and walk through an office, gleaning all sorts of fun files to peruse later, or even have the device actively penetrate machines and have them hook up to an external listening port via HTTP / DNS at your bidding. Sounds pretty malicious, but it's all in the name of safety -- Immunity sells the $3,600 device to penetration testers to have a quick and automated way of testing network security on the spot. Once you're done running the scan, you get an HTML report of Silica's findings, meaning even a noob can get their hack on with this thing. Immunity keeps track of new exploits, and sends out updates about once a month to Silica users. Of course, Immunity also tries to be careful who they sell the device to to make sure it doesn't fall into malicious hands, but there's no way to be 100 percent sure, so we recommend unplugging your router now, selling the house and kids and moving to a mountain cave before it's too late.[Via Slashdot]
Automated penetration testing on the sly
Security minded Immunity corp is developing a wireless handheld device dubbed Silica, meant to help security professionals conduct mobile penetration, or pen, tests on the sly. The device is fitted with Bluetooth and WiFi and comes pre-loaded with hundreds of automated exploits to simulate a malicious attack. So instead of conspicuously setting up shop with a laptop and cantenna, the (hopefully) white hat hacker just slips the Silica into a pocket to scan every WiFi and Bluetooth device while strolling about the office, campus, or city streets. The device will then download "items of interest" from penetrated systems before connecting 'em to an external listening post -- good times! Immunity is currently beta testing Silica with hopes of launching the device for right around $3,000 in October... and then shortly thereafter on eBay. Let the warpenning begin!
