At Black Hat and Def Con earlier this month, the penetration testing tool makers at Pwnie Express unveiled two new products aimed at extending the company's reach into the world of continuous enterprise security auditing. One, the Pwn Pro, is essentially a souped-up version of Pwnie Express' Pwn Plug line of devices; the other, Pwn Pulse, is a cloud-based software-as-a-service product that provides central control of a fleet of Pwn Pro “sensors.” Combined, the two are a whitehat’s personal NSA—intended to discover potential security problems introduced into enterprise networks before someone with malevolent intent does.
While Ars was given a brief look at the new products in Las Vegas, we’ll be conducting a more intensive, full review of Pwn Pro and Pwn Pulse in the near future. Rest assured that our review will be heavily informed by our experience with the Pwn Plug 2. But despite our somewhat brief experience with the new products, it’s not a stretch to say that they are a significant upgrade to Pwnie’s previous capabilities.
First, some full disclosure: Ars has worked in the past with Pwnie Express Chief Technology Officer Dave Porcello. Specifically, Porcello helped us turn a Pwn Plug R2 into a miniature deep packet inspection machine during our collaboration with NPR. After that experience, we purchased a Pwn Plug R2 of our own to continue to perform vulnerability testing in our own lab. That means we have more than a passing familiarity with the team behind the Pwn products, but it also means we’ve put some mileage on the technology that underlies them as well.