Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Pen Testing in the Palm of Your Hand



 By: Ryan Naraine
2006-08-15
Article Rating:starstarstarstarstar / 0


There are 2 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Immunity is working on a portable hacking device equipped with hundreds of exploits to offer wireless penetration testing for security professionals.

A portable hacking device equipped with hundreds of exploits and an automated exploitation system will go on sale in the United States in October.

The wireless handheld, called Silica, is the latest product to be developed by Immunity, a Miami-based security company that sells penetration testing products and services.

An early version of Silica, which supports 802.11 (Wi-Fi) and Bluetooth wireless connections, has been fitted with more than 150 exploits from Immunitys Canvas product to allow security professionals to conduct pen tests while walking through office cubicles.

Penetration testing, or pen test, is used to evaluate the security of a computer system or network by simulating an attack by malicious hackers.

Pen testers typically assume the position of the attacker, carrying out active exploitation of known security flaws to search for weaknesses in the target system.

Instead of carrying around laptops through a targets office space, Immunity researcher Dave Aitel believes Silica can allow a pen-tester to perform testing while appearing to perform an innocuous behavior.

"[You can] tell Silica to scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your targets office space," Aitel said.

Resource Library:

Read more here about the Core Impact 6.0 pen testing framework.

Aitel, a well-known security researcher who created and distributes several hacking tools--The Spike fuzzer, the Spike Proxy Web application analysis tool and the Hydrogen remote access tool--believes the slim, PDA-like Silica will "redefine" the pen-testing environment.

Using exploits from Immunitys flagship Canvas, he said Silica can actively penetrate any machine and have all successfully penetrated machines connect via HTTP/DNS to an external listening post.

Immunitys Canvas makes available hundreds of exploits, an automated exploitation system, and a comprehensive exploit development framework to penetration testers and security professionals worldwide.

It is used by penetration testing firms, government agencies, large financial firms, and other companies to simulate attacks against their infrastructure.

With Silica, Aitel is extending the concept to the handheld space, stressing that covert pen testing is just as important to businesses.

"[You can] mail Silica to your targets CEO, then let it turn on and hack anything it can as its sitting on [the CEOs] desk," he added.

Silica can also be used to conduct MITM (man-in-the-middle) attacks against targets on a wireless network.

Silica is also capable of connecting to a network or computer system using Ethernet via USB.

"Theres wireless testing. Then theres pen testing. Those are very separate things. With this, were joining those two things," Aitel said in an interview with eWEEK.

Click here to read more about updates to the open-source Metasploit hacking tool.

Immunity expects to sell Silica for about $3,000 and is working with external beta testers to iron out kinks before a projected October 2006 launch date.

"The primary interest has been from very large consulting organizations, so we know there is a market for it. Law enforcement agencies have contacted us, expressing interest in having something someone can carry with them to do pen tests," Aitel said.

The Silica software is based on open-source Linux and will run on several different hardware platforms.

The market for penetration testing tools has heated up in recent months. Immunitys Canvas competes directly with Core Impact, an exploit development framework marketed by Core Security Technologies, in Boston.

Core recently shipped Core Impact 6.0, an update that features a completely retrenched applications framework that the vendor claims will greatly improve the efficacy and ease of use of its tools.

The open-source Metasploit Framework, created by hacker H.D. Moore to offer point-and-click pen testing, has also undergone a major makeover.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Pen Testing in the Palm of Your Hand
>>> Post your comment now!
A user comment on this article
Yeah brother!! im totally with you!
Posted At: 05-18-09
By: chucho
A user comment on this article
:no: this is not a good article!!! make it more intresting!!
Posted At: 11-09-08
By: Anonymous
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}v69yDى)jlݚؖRݣHHbL%w% oВ/IϷm @P( o^ș=!1(cSݣ&DZ;;o޼ $ߙF0mTE[Ϡ^3N-w5 EffөP/o kGx6)oD&/hԎhT a@Y2d4lB|OoesM/cۨW|e0.:Aq6*֠Oj, P8${KE!Ee 8>v@/TYFN83qyf/De_XIYIb&[Ba<5n;7n =k}|-.&QVZ!Y~8 b#0+#O3`奰H A3c9p<k EJ3q %-j؁FQUNtXF>D9z vur<jJU3fdPt[dq3m9e(f42MYnER9(QJaE wm8we{2-ݍ\kLŢ/.s$QwÑ7V״bxCq={r9;{+Z׼ AW[YHL~#?jQEVK,ID>-ԆNVP? uΑjR2jF-_ JE($zCOR Ә])1N, u;Gҹt.t?]u;H>߈ecby1ZPEb(+W:+1㭩S>=~^wEN:ǝ>gg:Qm3H?W[U?{}_A"󁭡pHz@Rs?>_v4Rκ$'uXO'3`lDiYܹȑ\KǛȃ+aXXU<(:mNQGm6|i>!ʠ 괱b;\Z@ӧ&hCҋL  wB:_7LAbG@c`Ψ6sPCGA :\TRmb;>49 PhRP<sx70ܚ@[3h_%]Ѽk:F?a'0. Z- BeV~m̢PsܧmMrAݛ39ڭfZȴ@c@%&B~`Z&4D 7uXu-^\#oUKf;aMv"Wv6`zT4':ϧHږiJoBo*څP!_.dA\^*VAB1 :d:l'9oU 2g4ݤlreEՔy`OEҏa5=%ӻfR/0}ԙQԽĠ3BZ)z٦ll.ƖuV"k̲X]ۼ/ 7Je_- B]+Ҿ]F*ےxmEZuOGe K5C IP֦(XK+ezxч%ue2LInQx_1>Wl(`TrIlSh#aI^)*Z<6k|V [YCbeܡQӿ9Ȩ/lĖCfx9bzǎ As,]OT d|; ?۠s&^hpܩH80Vm2`a&fj>Y] "^|W@(KбfًʰY^48~5l4^u:#歰Ad= ?3щj*SaA3(TMa{;وyì*?NՊRRIO:&"_Gƅ Kd 9Ч-PcY]6fDm6'k QڮV-BM{n pj Z*f~ai~04LyV/|V}uV0\CMPa+32Qq@L,*IH qNIQ KMXgB٧O副1 i0րq/S"X588 y|@*&Oz1 [ "T=;$f4W߀Ēh&]4X6H }=4 ~3<2 yә^JZqtZ5jV9 >熾_2nA |tqZLaP#'P^˒Ǧ;|x?ߛ#y.¬_*ǨOUqё,ugBRTU[_M΍lϟϢ>OXqDGL hAui7ހ jZU~IF G:q~i@"Osf0f,*a7Y]OSUj/y35 ) L5P ȈhCӾ#vp,0tRX܏.n<1/֟?3P?(/M3DJO*,7؄Bԉvkgyͤլpo|9}M-gn)Ah9m !jsU-(x5r=H_'pd(z&}V@ӻD׿,(#2R*?.=xփ3(K?0MgL:賻_?a]#+d WB'&#=ܕO~1ek &scd (.E;A#qfD dkƎ| {P&! ,`x:W.PcWa;8l./]>lf#-Qn1^ >q["c'ۭ%V_ 6Pk5.T%иꀢb%.a^&k꾬=M~QXyC[RUeHG2gJTYHV uZ\gnoꞃL >0 8x @Yʊnw` xV֪y kRW =(A,B#|t'fP| \UC~:Z;L$rS5RdrQT\JZV v\NJErh2k./ }71טޜsb9t i|zP),r?1Ȍg <|qqvNyĦ,BO+]s,4A}q0Ns/$ڎVõ]2eX$V|P~#*VKR$gIء@'/=a^[`:Jce4qy4)}}ŵnn@p &yX|uCEH2H"mR'̄BMÀ>⺆br~VQXK@rrzJ5t2R@BZFbNx| S nhFQX)A`?up/5492-Ҋx0M8tz'JUqmr<cC~Z}_+Fb-ln* }!DNnS- SdM2;?R7ݓCR*@:mw>1}~ll?<~w!&0zŽcr Ou,mU^t~9$z/Ny} Gya8dBeQw $HXM$Ÿڈmf6C[{>9^xYt:10\^ |/>ѰQo0 8 nqwO5Y#%[.Es5BR pFN*<fSڌ6NJ!zzKwMTءһ:\qbAaN$"zE悛gH0YTu)۳}gE1iUkao$]d :5 ( [ r P)'$ 'Yst*9-38ǞLg!h:Ua2^XJI!)$z'e3v9]9Q1l7 FWE'k'z-&2}m1ў.`m e܃< WVr['t?>!+g>T8|8$M a2M\qsz}HaP;PEZ3pq*IKwBb%_LJpVKuVǜx" R̄!уx9$ A\A>?u$ݛf0>z3ƍ`'ah;eƫ>|meyB 3?ݡMM62sGÙi]L Hlй"σ QW}F{*?J$c:I"IAUbƶF/gU3$]e%~VxF0M#}9Jf4hAxnlOo~c#?~/K~.z\DYqDTۊ1X+HX55!RJ L1+Dճz.K<]TUR{C[|q=F(@>#~|U#yA#@A" ~]TX'=ҧVvV_TT7ҋH% v>y9@c+KjE͠U!^= 0x׏뢏'"DÖ]om `S*8Y 0kAIZO+HGAH!" hh B(hn=޴ 3n+|ZޔJ*0x43ǹ#:!3gs0@8tf:FY.)%ImJ W&v&I8a!6$`bL|t.VF]om_f{gsS{%Z0|<5PnrڔNhjUbK-nY8JozV ߬lk߬߬߬_V([qcNjRbۗRj4HmK#Aj.ߔzxͤZN% "6aYA<^y>`Z!a_0/a 6g&Ng]HߋXABDII$X+Mzv7цN^WOεԛ,ꥢ*1Z~戄XRcepnT*Vef9C"G8m9tqpJ؈5Z[ِTʯ-YDG~I[7oqPʲ ] `f1t(!q Qr}J"q$l^o=qΝE 0ZElH?J;?GW][9ia[.c jM"A$H"aI #!Pе@OP73%cR?p4CQ`<@<3!,??wMk?ۢ/mR| gcG\j\ocեc;d!H[B' ֏67LOf姠"S:zB7' c ].ӏYN~O<%ݣA- w7km6Fo_]fF;L3EEiB<1xa Bfu{Ӿ6gBL{~#-F/xMnm0]Cǫ(&W3~tc6g&#?ݫS$%R|9|u>B!Y`t.EAm;ڲZ3`'!YݏL IJky龝!I3g~sHoUm@+h41Bq~c#we$7븚e%}M\BW{ŗqw֑}>7-P5&`7̎5>ƓPx͸𝧹 yسGg-] F"$w>Z-~Bf4CX5bMl$4F86ZI2⌱fne)s_(JTT$"QK)p _~ޱO 8ib? {חU|v7j:UA eJ 'ɻ6iI{!Zbr8R7o@.h VFjDfmo[*-k6ٿc y es^7Wqi6-w/܉?5Wf8#ĭt|w/=~PAftvA94H]M)*b4[o0q[7n:m$mL}ǔvTw;-I{s:^A㻝WT #8NƥCDc߷P> *nǍ@ ͦ*#o^+zas9Ǻat ^USvqI~_HtlqYw\ĢP)rGv_R 2,{0{0cYn'hn#j\ܰrsɏz'Ʈ"%5zH JH 0{پAX^qQZ1"}0Fcu\_E\aX.o֊X'GB8AXJߘDJP` a`8ĒAu[Pn/͛I~oYK]㡆u.95͒E tMc95XS՜|咿܋VYJ: Znj\1auTA9iAK5p̋R!Q!ɂ9`HQUr3qbjģ\ϫah=ycr="vc` oL+.қQ㉠D37:UsÑ7 7tttQaNamDXhgne'/{"YK`miXx< SIpʭG-4s`6&jUiKJEV 7CzA ?GVEVUP=³}v_!fUo >=0gzҧE{z^{n?JX.իw4z mq,֠K&y 0Y>GV(bX AzϵO>< pr|l4t_ë ؑ0!8X< b0s{EF^[96YlnG 90ڱ]w&ݭTRݽ,&HPjߚc=/7R==FWcXYrRfp ʹ{[QZYIva|Xev׈)|l6}a?݈Dwnj8̏XJ0KJzV={6وb ]T\Qa\..;3zZ*F&#ZKik`5xE{zByF+PSC7,6M$Adȃ5T?Ogh^?[!}oh}exxJErG:Lh0E~Ȁ^P>gF :{nIٯbeDvǻ/tX0+b3-#k^asH ]W\Af/Ak:*dwSij}jٟ0nhGpБ`b'r*ћ럯.ʁRE>p4*ej)VtK`M 2@s87>|>_is`nOKZ&6@אIogR II!9S"" aں5g3bvWG%ڏ|ɧ^1r T-!KbqfûB |嗚`tB_P"?MN"@ g o#!\)%ln*7WX|p/x˜3L\Ch̃2Eܹ=ezwGy7]&Z棙` \ڻyС5NG͚#ߛiSg0<*[7;ΥIF^~|L]ƒ $BѽӜ6Cһ_7=}g?ݩ2}xCИ1_[5~ U꺂_JweX &ZY~n/h̪W2qfՅ&JZ J{AfN*Șp[O| TBzX\S;k//>iӫN?nuzx ZѶpt{ԭs;|ܻ|ڽ\^u/֩L·_3meP0mw %E9ši'\ ³Q_esxgixɆ(b,.Vq̀AwpD0/ڲbQ@2:ۆǀZOA~pϏxu3_M;FyS obvR@\rs@ACX~88dCSi~CgGH>C7]=ɵ'оnF>ӽHw3s??O?gakg9<< ><瀟 C3yA@.eF+ CC 2o ># 韲ҡ2 )א~{APuF@$)cv/qz*es^ɵ2RyUKӌHϐgU3Vڭ^Va{j)gF~W kw\WKM0TtEٳEfZkǸZt yԾW( V`ʼ5X(n%Y}fMʑ 44k 7b]YBYII{R}ntE I>4𖫫qLw,_YnƊ6sLqϜOǽaN@x"FiG*d>܃f cp2 #ţ,B;HV+3iKЈw[3+ ==*9݆n ٭e9~CG09nsKkr>u5bxvY늮̌j7-P.#IkgeSws١Gh ߊD,}T eHI/\=oQ^\&N* Y-4Y,)Ƹ05:A`h֞/kn7\AaƈkĢ*V\M'!g](#2bU+E$}7 :)Vr1>rQas꺼tw4s@.} n#QX[D~ۀ0<utxnǍQc=Xm &SD}0>mTx+XtSSa8H-~/J-JcFЯ1#9ӿ*aѡHY] œ{D83o{ZNݫk+ېܱ }-g)nY˅}[8 5 g[=Ǚې24_3K~hRHv<'.5dL]&S #2x^#4GN"R/0DPqE^gD/y ;?&<›,3 ^zl x S/!I/; >Cqns{$>}h.q5sEEאE$*J =˵ L8Ʉpɑs?plFCv _1!;'0GJ ?,^2PSFӽ$}ǚ 3=-O_Z>& (&(z16qϐTh1E9%|)*~Ռ]%|/.IDπjUUj΢ِ[j9.^K`RJVu. =vUScO` A/_ Q,(π 8>eCgq2D~gF=&*P=eZ= v,8%^z+IkmGmc[VhɄK"z! $/ M*_ `ɑX)w'lnW|B{,Kl`B`t0YT:>Am{ٺ*^lܹiVhHm[)d2-1ic%p't!mX0# n=ձw O 7G=ƋҚsxѼċL}_vs[>/'`d鎎FhdG: $_*04SsVn0]~ r@K&\n[Ys,#sE%&(Xp\'AΙz! * G"9BU(]<#6Vs/>yKW}dznGa|dt%KFz%!1ӶT)V"ʥ.lSlܞ=Ba҇fd_X ($ LIN=H|좢UnDY[;5bKiA CaXq]> @c6: .ƇXW65Y{ ;τ 4}k} X *# *F" PZ2h"N؊rI)9폭9N*D%la$r9R3 [Et f.t1 p{Zxrϼ )ϩ}_|Jެoe;r 3sO{³fO +#_tecǹ1.|Ou CiIxk@~-e"^~8 Ԃn ~?vP e\0uzlb}I)@4XjќDR Uؼmhჲ68);Mڲ%Ltv>eEf u[a}cHiAh697+25 ~ zɝ 1%ɳyqy"6z9s񆗰PFggP2+ס,)OƔ)[#!ϦubZh8#1DZ:Ww]"csJ\nU͑h0\~J ;qNl4 {&)B88X]x}8F>YFY"(h!TppZNw Y'wq[5a&ЖݨD`ؓ #j-U-M77qvcFS 0Wtg;jC!Ի8g,PxZaIޭx^rgw:\nqRRMi7mޘnL)ac⭹8& N%.*^ #^H,ucxYsJ`6."MR$dtoIAr(?'m ٿYhsMBm<ٕ=IIt!Rǝ7>(厫6}ϓͼM81w W@'3Ҭ<~y"F%:FD3| IrBexmÊݟzC'C:{NURgk%lx|9;AEiV}`e<0N28AJءJ G~V' bpY GҬДjZz- ޕhHuGmvGSxY?Ι"@e Q,cinY٨4|;՝0v(er%C벻Y>,TXpx> 06 ~:+ P @:mw> \} m@C@wF >F:8}ap"wֻ:L);NG_>^HaF Fӻ:A0KVXI}2#^2̚&Fc6=wX_1xg@jZ%–Ŀ(B-@'%֒\/at1%"b{k;aW7 딌-IorVnw'!&f6Cj39 ;>VM( ^6b+" ́ś,PEdkB