Most penetration testing companies also offer physical penetration testing as part of their services. Some take this service more seriously than others and spend part of their budget on specialized costumes and equipment that can be used in physical penetration tests. In this article we will examine some of the equipment that is necessary to have if we are going to conduct a physical penetration test.
Get Out of Jail Free Card
This is usually a signed letter from the client which states that the penetration tester is authorized to perform the test and that the client is aware of it. This letter serves as proof in case things go wrong and you are caught by the security personnel or the police. The letter must therefore include the contact details of the people who are aware that a test is being performed (preferably people in higher-level positions), and those people must be reachable during the test. The penetration tester should never forget this letter, and it is good practice to carry at least 2 original copies in case one is accidentally lost or destroyed.
Camera
Cameras are important equipment because you can take photos of client documents, facilities and the areas to which you have managed to gain access. These photos can be used as evidence in the penetration testing report afterwards. Of course the cameras of mobile phones can be used as well, but a proper digital camera with a large amount of memory is recommended.
Binoculars
Binoculars are useful in cases where you want to observe the security guards from a long distance or you want to perform shoulder surfing attacks against the employees of your client. For portability reasons, and in order not to raise any alerts, it is advised to buy binoculars that can fit into your pocket.
Laptop
In a physical penetration test someone might assume that a laptop is not needed because all you have to do is physically penetrate. Wrong! If you want to construct a scenario where you disguise yourself as an employee of the company, a laptop is a critical component. Additionally, the client may require you to attach to the internal network.
GPS
A GPS device can help you in many ways. First of all, you can get an idea of the location that you are going to attack by observing satellite photos before the test. Alternatively you can use Google Maps for that, but the GPS has the advantage that you can carry it with you during the test and mark locations that you want to explore or to avoid. It is also vital for your support team to know exactly where you are. Before you buy a GPS, make sure that the device can export the route that you took so that you can include it in the report.
Lock Picking Tools
Of course in a physical penetration test you don’t expect every door to be open, so it is essential to also have a set of lock picking tools in your bag. Lock picking tools are generally not very expensive, so choose carefully the best quality that suits your needs, as you don’t want to break your client’s locks.
USB Stick
There are scenarios where a physical penetration test might require you just to plant a USB stick containing malicious content inside the premises of the company. This will be the case when the client wants to test their employees’ awareness against this type of attack. You can use the Social Engineering Toolkit to create the malicious USB, or you can import your own files.
Pwnie Express Tools
Pwnie Express is a company that specializes in building hardware tools that can be used in physical penetration testing engagements. Most of them are quite expensive, but their effectiveness is high because they look like normal devices, so when you plug them into the network it will be difficult for the employees or the administrators to discover them. Some of the devices that you can buy are the following:
- Pwn Plug mini
- Power Pwn
- PwnPhone
No pack of gum? Pack of cigarettes? Clipboard, notepad and pens?
@Ben The article is focused only on the devices that you need to have with you. Of course if you want to use tailgating as a technique a pack of cigarettes is probably needed, but it is not considered a device. Also clipboards, notepads and pens can help you in scenarios where you want to disguise yourself, but everything depends on the scenario that you will construct in order to physically penetrate the premises. So you can have different tools for a variety of scenarios, as well as uniforms and costumes. However, the above list is a general list that in my opinion every penetration tester that performs physical attacks must have.
It’s a rich article with very explainable content.
But what if you want to penetrate the network from outside without having to enter the company first?
Thanks for your reply.
@Christian Bassey If you want to penetrate the network from outside, the easiest way is through social engineering attacks. You can read other articles in the social engineering category in order to understand how you can do it.
Nice article. My physical penetration kit consists of Google, a telephone and a clipboard! Never failed to get in or out of a building with this. I also carry a “get out of jail card” but have never had to present it. I now carry 2 of them, a spoof one (to see if they actually check the details) and the real one.
Don’t forget a flashlight and a good roll of electrical or duct tape (comes in handy in lots of ways). And, regarding lock picking tools, make sure you check your state law. In some states it is illegal to own them unless you’re a certified locksmith.
Also check out the OG150 – http://www.og150.com – designed to plug in on site and walk away (remote SSH tunnels created). Includes covert physical surveillance.
Nice find. Can’t wait for the OG150 to come back in stock… the webcam feature makes me drool.