

'Pen' Testing in the Palm of Your Hand
By Ryan Naraine
August 15, 2006

A portable hacking device equipped with hundreds of exploits and an automated exploitation system will go on sale in the United States in October.

An early version of Silica, which supports 802.11 (Wi-Fi) and Bluetooth wireless connections, has been fitted with more than 150 exploits from Immunity's Canvas product to allow security professionals to conduct pen tests while walking through office cubicles.

Penetration testing, or pen testing, is used to evaluate the security of a computer system or network by simulating an attack by malicious hackers.

Pen testers typically assume the position of the attacker, carrying out active exploitation of known security flaws to search for weaknesses in the target system.

Immunity researcher Dave Aitel believes that, instead of carrying laptops through a target's office space, a pen tester can use Silica to perform testing while appearing to do something innocuous.

"[You can] tell Silica to scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target's office space," Aitel said.

Aitel, a well-known security researcher who created and distributes several hacking tools--The Spike fuzzer, the Spike Proxy Web application analysis tool and the Hydrogen remote access tool--believes the slim, PDA-like Silica will "redefine" the pen-testing environment.

Using exploits from Immunity's flagship Canvas, he said Silica can actively penetrate any machine and have all successfully penetrated machines connect via HTTP/DNS to an external listening post.


Immunity's Canvas makes available hundreds of exploits, an automated exploitation system, and a comprehensive exploit development framework to penetration testers and security professionals worldwide.

It is used by penetration testing firms, government agencies, large financial firms, and other companies to simulate attacks against their infrastructure.

With Silica, Aitel is extending the concept to the handheld space, stressing that covert pen testing is just as important to businesses.

"[You can] mail Silica to your target's CEO, then let it turn on and hack anything it can as it's sitting on [the CEO's] desk," he added.

Silica can also be used to conduct MITM (man-in-the-middle) attacks against targets on a wireless network.

Silica is also capable of connecting to a network or computer system using Ethernet via USB.

"There's wireless testing. Then there's pen testing. Those are very separate things. With this, we're joining those two things," Aitel said in an interview with eWEEK.

