Some companies pay for a security assessment to see if their physical building and office are secure. When they secure a facility such as a datacenter, they want to test it to make sure it is off limits to people who shouldn't be able to get in. Sometimes these assessments test whether employees would let people into areas they shouldn't have access to, such as a random person walking behind a bank teller.
What do these types of pen testers bring to this type of security assessment? Here are a few different people talking about what they bring.
Vest of Doom
Jayson Street has talked about his Vest of Doom a few times.
- A USB drive which when plugged into a computer will grab all password hashes
- A USB drive you leave for a user to see if they plug it in (potentially causing persistence)
- USB keylogger
- External hard drive (to grab large amounts of data)
- External hard drive (with rainbow tables and malware)
- USB Wireless Bridge
- Voice Recorder
- Ethernet Cables
- Various USB cables (A, B, mini, micro, OTG, etc.)
- Small Computer – Something to fit in a pocket but can be used to connect to networks
- Tablet with Metasploit
- SD cards – presumably filled with malware or for grabbing data
- Fake engagement letter – Jayson loves presenting this when asked to test people further
- Real engagement letter – If you don’t have permission to do this, don’t try it!
- Camera watch or glasses
- Pwnie plug
- More cameras
- RTFM: Red Team Field Manual
- PSP – for times when you might hide out in a closet for 4 hours waiting for everyone to go home.
- Fake badges that may get you into doors or past people
Pen Test Backpack
Image on the right is a demonstration of how easy it is to swing the pack to the front, pull out a laptop, put the laptop on the pack, and begin doing work. The sling pack being used as a mobile table is really handy because it allows your hands to be free to do other things.
- Backpack: Yukon Overwatch Sling Pack
- Small laptop with hacking tools such as Kali Linux + power supply
- Raspberry Pis that phone home, reverse proxy out to establish persistence.
- Nexus 7 with Kali NetHunter. Add an OTG cable with a wireless adapter, which lets you do packet injection and Wi-Fi hacks
- RTFM: Red Team Field Manual
- Letter opener – used as shim to open doors
- Plastic shims made from dollar store plastic folder – used to open doors
- Proxmark 3 used to clone RFID badges
- Alfa Network Wi-Fi USB Antenna used to sniff packets
- USB wireless antenna with Atheros chipset, used for packet injection
- bump keys, lockpicks
- 2x leatherman multitools
- multi head screwdriver
- pens + paper
- low lumen small flashlight to put in mouth or on hat
- USB cable
- Ethernet cables
- Mini Wireless Keyboard with Mouse Touchpad
- Hak5 USB Rubber Ducky
- Hak5 LAN Tap
- SD cards
- USB drives
- OTG USB cable
- The Glitch
- USB drive with a program that downloads an executable, runs it in memory, grabs an lsass memory dump, uploads that memory dump somewhere
- USB keylogger
- PS2 keylogger
- USB drive with Katana
- USB switchblade
- WiFi Pineapple
- A network hub used to bypass NAC
- Wireless router – plug it into port, turn it on, and leave. Then try to get to it from the parking lot.
- Extra battery packs for phone/laptop
- A second flashlight
- GoPro – to watch key locations from his phone
- Cellphone for pictures and other things
- Headset if talking to a team
- Cargo pants
- A hat to hide from cameras and connect flashlight to
- DSLR camera for really good shots of keys, badges, and recon
- Under the door tool
- Written documents giving you permission to conduct the test. Bring multiple copies.
Extra things not mentioned
- Binoculars for recon
- Blue painter's tape – cover cameras, peep holes, cover lights, hold items in place, etc.
- Ball Bungee – has many purposes
- Carabiner for pack to hang stuff on
What is missing from the list? Let us know in the comments!
Bonus Video: DefCon 22 Video on Elevator Hacking