Contents of a Physical Pen Tester's Backpack

Some companies pay for a security assessment to see if their physical building and office are secure. After securing a building, they want to test that restricted areas, such as a datacenter, are off limits to people who shouldn’t be able to get there. Sometimes these assessments test employees to see whether they would let people into areas they shouldn’t have access to, such as a random person walking behind a bank teller.

What do these types of pen testers bring to this type of security assessment? Here are a few different people talking about what they bring.

Vest of Doom

Jayson Street has talked about his Vest of Doom a few times.

He talks about the contents in his DefCon 18 talk and again in his DefCon 19 talk. Both talks are great to watch in their entirety to get a sense of how Jayson gains access to anything.

Contents

  • A USB drive which when plugged into a computer will grab all password hashes
  • A USB drive you leave for a user to see if they plug it in (potentially causing persistence)
  • USB KeyLogger
  • External hard drive (to grab large amounts of data)
  • External hard drive (with rainbow tables and malware)
  • USB Wireless Bridge
  • Voice Recorder
  • Ethernet Cables
  • Various USB cables (A, B, mini, micro, OTG, etc)
  • Small Computer – Something to fit in a pocket but can be used to connect to networks
  • Tablet with Metasploit
  • SD cards – presumably filled with malware or for grabbing data
  • Fake engagement letter – Jayson loves presenting this when asked to test people further
  • Real engagement letter – If you don’t have permission to do this, don’t try it!
  • Lockpicks
  • Screwdrivers
  • Camera watch or glasses
  • Pwnie plug
  • More cameras
  • RTFM: Red Team Field Manual
  • PSP – for times when you might hide out in a closet for 4 hours waiting for everyone to go home.
  • Fake badges that may get you into doors or past people

Pen Test Backpack

c0ncealed gives a great breakdown of all his pack’s contents in his Physical Pen Test Talk. He goes into what each of these items is used for. A great watch!

Image on the right is a demonstration of how easy it is to swing the pack to the front, pull out a laptop, put the laptop on the pack, and begin doing work. The sling pack being used as a mobile table is really handy because it allows your hands to be free to do other things.

  • Backpack: Yukon Overwatch Sling Pack
  • Small laptop with hacking tools such as Kali Linux + power supply
  • Raspberry Pis that phone home and reverse proxy out to establish persistence
  • Nexus 7 with Kali NetHunter. Add an OTG cable with a wireless adapter, which lets you do packet injection and Wi-Fi hacks
  • RTFM: Red Team Field Manual
  • Letter opener – used as shim to open doors
  • Plastic shims made from dollar store plastic folder – used to open doors
  • Proxmark 3 used to clone RFID badges
  • Alfa Network Wi-Fi USB Antenna used to sniff packets
  • USB wireless antenna with Atheros chipset, used for packet injection
  • Bump keys, lockpicks
  • 2x Leatherman multitools
  • Multi-head screwdriver
  • pens + paper
  • low lumen small flashlight to put in mouth or on hat
  • USB cable
  • Ethernet cables
  • Mini Wireless Keyboard with Mouse Touchpad
  • Hak5 USB Rubber Ducky
  • Hak5 LAN Tap
  • SD cards
  • USB drives
  • OTG USB cable
  • The Glitch
  • USB drive with a program that downloads an executable, runs it in memory, grabs an lsass memory dump, uploads that memory dump somewhere
  • USB keylogger
  • PS2 keylogger
  • Ubertooth
  • USB drive with Katana
  • USB switchblade
  • WiFi Pineapple
  • A network hub used to bypass NAC
  • Wireless router – plug it into port, turn it on, and leave. Then try to get to it from the parking lot.
  • Extra battery packs for phone/laptop
  • A second flashlight
  • Paracord
  • GoPro – to watch key locations from his phone
  • Cellphone for pictures and other things
  • Headset if talking to a team
  • Cargo pants
  • A hat to hide from cameras and connect flashlight to
  • DSLR camera for really good shots of keys, badges, and recon
  • Under-the-door tool
  • Written documents giving you permission to conduct the test (multiple copies)

Extra things not mentioned

  • Binoculars for recon
  • Blue painter’s tape – cover cameras, peep holes, cover lights, hold items in place, etc.
  • Ball Bungee – has many purposes
  • Carabiner for pack to hang stuff on

What is missing from the list? Let us know in the comments!

Bonus Video: DefCon 22 Video on Elevator Hacking
