Some companies pay for a security assessment to see if their physical building and office are secure. When they secure part of a building, such as a datacenter, they want to test it to make sure it’s off limits to people who shouldn’t be able to get there. Sometimes these assessments test employees to see if they would let people into areas that they shouldn’t have access to, such as a random person walking behind a bank teller.
What do these types of pen testers bring to this type of security assessment? Here are a few different people talking about what they bring.
Vest of Doom
Jayson Street has talked about his Vest of Doom a few times.
About to load my new #VestofD00M v.7.0 :-) for my engagement in France after I speak at @hackinparis & @NuitDuHack pic.twitter.com/aSGUoOnWZ2
— Jayson E. Street (@jaysonstreet) June 22, 2014
He talks about the contents in his DefCon 18 talk and again in his DefCon 19 talk. Both talks are great to watch in their entirety to get a sense of how Jayson gains access to anything.
Contents
- A USB drive which when plugged into a computer will grab all password hashes
- A USB drive you leave for a user to see if they plug it in (potentially causing persistence)
- USB KeyLogger
- External hard drive (to grab large amounts of data)
- External hard drive (with rainbow tables and malware)
- USB Wireless Bridge
- Voice Recorder
- Ethernet Cables
- Various USB cables (A, B, mini, micro, OTG, etc)
- Small Computer – Something to fit in a pocket but can be used to connect to networks
- Tablet with Metasploit
- SD cards – presumably filled with malware or for grabbing data
- Fake engagement letter – Jayson loves presenting this when asked to test people further
- Real engagement letter – If you don’t have permission to do this, don’t try it!
- Lockpicks
- Screwdrivers
- Camera watch or glasses
- Pwnie plug
- More cameras
- RTFM: Red Team Field Manual
- PSP – for times when you might hide out in a closet for 4 hours waiting for everyone to go home.
- Fake badges that may get you into doors or past people
Pen Test Backpack
c0ncealed gives a great breakdown of all his pack’s contents in his Physical Pen Test Talk. He goes into what each of these items is used for. A great watch!
The image on the right demonstrates how easy it is to swing the pack to the front, pull out a laptop, put the laptop on the pack, and begin doing work. Using the sling pack as a mobile table is really handy because it leaves your hands free to do other things.
- Backpack: Yukon Overwatch Sling Pack
- Small Laptop with hacking tools such as Kali Linux + Power supply
- Raspberry Pis that phone home and reverse proxy out to establish persistence.
- Nexus 7 with Kali NetHunter. Add an OTG cable with a wireless adapter, which lets you do packet injection and Wi-Fi hacks
- RTFM: Red Team Field Manual
- Letter opener – used as shim to open doors
- Plastic shims made from dollar store plastic folder – used to open doors
- Proxmark 3 used to clone RFID badges
- Alfa Network Wi-Fi USB Antenna used to sniff packets
- USB wireless antenna with Atheros chipset, used for packet injection
- Bump keys, lockpicks
- 2x Leatherman multitools
- Multi-head screwdriver
- pens + paper
- low lumen small flashlight to put in mouth or on hat
- USB cable
- Ethernet cables
- Mini Wireless Keyboard with Mouse Touchpad
- Hak5 USB Rubber Ducky
- Hak5 LAN Tap
- SD cards
- USB drives
- OTG USB cable
- The Glitch
- USB drive with a program that downloads an executable, runs it in memory, grabs an lsass memory dump, uploads that memory dump somewhere
- USB keylogger
- PS2 keylogger
- Ubertooth
- USB drive with Katana
- USB switchblade
- WiFi Pineapple
- A network hub used to bypass NAC
- Wireless router – plug it into port, turn it on, and leave. Then try to get to it from the parking lot.
- Extra battery packs for phone/laptop
- A second flashlight
- Paracord
- GoPro – to watch key locations from his phone
- Cellphone for pictures and other things
- Headset if talking to a team
- Cargo pants
- A hat to hide from cameras and connect flashlight to
- DSLR camera for really good shots of keys, badges, and recon
- Under the door tool
- Written documents giving you permission to conduct the test. Bring multiple copies.
Extra things not mentioned
- Binoculars for recon
- Blue Painters Tape – cover cameras, peep holes, cover lights, hold items in place etc
- Ball Bungee – has many purposes
- Carabiner for pack to hang stuff on
What is missing from the list? Let us know in the comments!
Bonus Video: DefCon 22 Video on Elevator Hacking