TrustedSec Releases TAP – An Open Source Attack Platform
Security professionals are often on the lookout for new tools. Variety is always a good thing, and you can never really have too many. Often enough, the best security professionals end up developing their own tools to fill needs that no one else has met. This is more or less the logic behind the new “TAP” program released by TrustedSec, a security firm.
While the software was designed to be run on an Intel NUC (or similar device) using Linux, it could conceivably be run on other platforms and setups. The code is open, after all, and there for the taking. In any case, here are the specs described by the company:
For hardware, we use the Intel NUC series with a solid-state drive, 16 gigs of ram, wireless alfa attached for wireless assessments, and a Verizon LTE card so you don’t have to worry about egress filtering if it isn’t available.
The reasoning is simple enough. Sometimes remote clients are far enough away that you won’t be able to get there very often to pen test their network. A dedicated device is useful for this reason. If you can offload the cost of the device (or even just use an old PC on the network, running with all the same configurations as the native platform), then it’s a cheap way to keep an eye on client networks. It’s not the first device or concept of its kind by any means, but it certainly does make things simpler for the administrator.
The developers recommend using a stable version of Ubuntu to run the software. The software is designed for accountable professionals in that it makes it easy, during the installation process, to turn on logging of all commands entered. This can be useful for ensuring that tests are performed regularly, for providing the logs to the customer to prove that the work was done, or even for enabling customers to run their own tests more often.
The reasoning behind releasing the software is simple, as well:
As security assessors, we don’t always have the luxury of being onsite working with our customers all of the time. For that reason, I created the TrustedSec Attack Platform (TAP) device. Basic concept is that you can deploy a box to the customer and have it automatically establish itself back to you in order to perform pentests. While this may seem like a simple concept, reliability, continual updates, and egress filtering is always a challenge.
The system requires only one outbound port to work and automatically updates itself, although this is configurable. If nothing else, the software could be a good starting point for other firms looking to build out similar tools, with more functionality or even entirely different functionality. The code can be audited, which is quickly becoming a standard security best practice.
Images from Shutterstock and TrustedSec.