|
Title: Hardware you should have during an onsite pentest? Post by: Eleven on November 16, 2011, 12:49:41 PM Here's what I have so far that could be useful during an onsite pentest:
Pwn Plug WAP Hardware key loggers Infected CDROM labeled something enticing like "layoffs" Infected USB drive Teensy USB HID Attack Vector from metasploit Pen that records audio Shredder that scans with OCR before shredding (heard about it, but haven't seen one) Camera to take pictures of sticky notes, documents, etc. Anything else you guys use? Title: Re: Hardware you should have during an onsite pentest? Post by: chrisg on November 19, 2011, 10:11:37 AM boot disk to change local admin passwords
something like the elcomsoft system recovery disk http://www.elcomsoft.com/esr.html Title: Re: Hardware you should have during an onsite pentest? Post by: Eleven on November 19, 2011, 01:31:03 PM @ChrisG That's a good one, thanks!
Title: Re: Hardware you should have during an onsite pentest? Post by: millwalll on November 20, 2011, 05:24:44 AM Wireless card
Ethernet cable Title: Re: Hardware you should have during an onsite pentest? Post by: Eleven on November 21, 2011, 07:32:40 AM I forgot about the Ethernet cable, thanks. :)
These aren't really technology, but useful: Fake business cards Briefcase to get stuff in or out Clipboard to look like you're working on something Title: Re: Hardware you should have during an onsite pentest? Post by: El33tsamurai on November 21, 2011, 09:28:17 AM Locking picking set?
Title: Re: Hardware you should have during an onsite pentest? Post by: 3xban on November 21, 2011, 10:41:01 AM Locking picking set? That isn't in your laptop bag?? :D If the scope for physical security is included, sure why not. Title: Re: Hardware you should have during an onsite pentest? Post by: eth3real on November 21, 2011, 10:55:30 AM That isn't in your laptop bag?? :D If the scope for physical security is included, sure why not. I keep my lockpicks in my laptop bag. :P Another thing I would add to the list, is a directional antenna with the wifi card. Very handy. :) Title: Re: Hardware you should have during an onsite pentest? Post by: don on November 22, 2011, 10:23:15 AM Not all the stuff I have in my backpack, but here's a few suggestions.
1. HDD - USB adapter. Makes it easy to just pull a hard drive and copy stuff in a hurry. They're cheap: http://www.newegg.com/Product/Product.aspx?Item=N82E16812156102 Or you can get an expensive one that dupes drives in a matter of minutes like this one: http://www.logicube.com/products/hd_duplication/echo-plus.asp Logicube even has devices for hard drive as well as mobile devices that are specifically made for forensics investigations. Kewl stuff. 2. I also like ChrisG's suggestion. I personally like Offline NT Password & Registry Editor: http://www.pogostick.net/~pnh/ntpasswd/ Don Title: Re: Hardware you should have during an onsite pentest? Post by: El33tsamurai on November 22, 2011, 12:19:16 PM Not all the stuff I have in my backpack, but here's a few suggestions. 1. HDD - USB adapter. Makes it easy to just pull a hard drive and copy stuff in a hurry. They're cheap: http://www.newegg.com/Product/Product.aspx?Item=N82E16812156102 Or you can get an expensive one that dupes drives in a matter of minutes like this one: http://www.logicube.com/products/hd_duplication/echo-plus.asp Logicube even has devices for hard drive as well as mobile devices that are specifically made for forensics investigations. Kewl stuff. 2. I also like ChrisG's suggestion. I personally like Offline NT Password & Registry Editor: http://www.pogostick.net/~pnh/ntpasswd/ Don Don: "Or you can get an expensive one that dupes drives in a matter of minutes like this one:" http://www.logicube.com/products/hd_duplication/echo-plus.asp (http://www.logicube.com/products/hd_duplication/echo-plus.asp) Maybe get something like this for a give away :-D Title: Re: Hardware you should have during an onsite pentest? Post by: hurtl0cker on November 22, 2011, 10:01:44 PM I have never been on any professional pen test :P
but let me add to the list.. Network hub or switch Live CD's Blank CD/DVD's Power strip Title: Re: Hardware you should have during an onsite pentest? Post by: millwalll on November 23, 2011, 10:25:33 AM I guess it also depends where you are going on site as some locations don't like you having usb or letting you leave with you HDD.
Title: Re: Hardware you should have during an onsite pentest? Post by: hurtl0cker on November 23, 2011, 10:44:00 AM I once had a faculty who was a professional Incident response handler, I had a chance to peep into his 'Jump bag' and they carry so much, things like screw drivers, spare screws and variety of hardware interfaces to connect to devices on site :) . And he used to say never steal from your own jump bag :D
Title: Re: Hardware you should have during an onsite pentest? Post by: tturner on November 23, 2011, 03:16:00 PM I got the following idea from Joe Schorr's DerbyCon talk but http://www.valuepluspaper.com/ProductDetails.asp?ProductCode=OIC83200&Click=1867 is a great clipboard to use. It looks official and is a great way to hide other items you bring in or want to smuggle out.
*Edit* Added talk http://www.irongeek.com/i.php?page=videos/derbycon1/joe-schorr-rule-1-cardio-and-9-other-rules-to-keep-intruders-out
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |