Red Team Toolkits

Foreword

The lists below are not intended to be fully comprehensive lists of physical security tools, but a mixed bag of devices and tools that we commonly use in hybrid assessments and have vetted. There are some great resources out there, and similar (more complete) lists from various physical security professionals whose emphasis is solely on physical compromises, so keep in mind that the list below is intended to be a quick reference for Red Team-specific toolkits – which often include technical devices and physical tools.

Please make sure that you have plenty of experience with bypass and lock picking tools in order to reduce the risk of damaging or screwing up doors, locking cores and mechanisms etc. As always, it is assumed that you have permission from your client, have the proper documentation on hand and the defined scope is your primary consideration before attempting to compromise a target facility. :] Be responsible!

Note: Many specific tools utilized in social-engineering and/or Red Team assessments may not be listed below. Although there are popular vendors for specific tools, alternatives may exist.

Toolkit Examples

When deciding on what to bring with you, it is important to understand the facility and industry type, dress codes etc. Oftentimes you may not discover this kind of information until you are already onsite (there have been more than a few experiences where the client has requested a “quick and dirty” or last-minute assessment), so it is important that you arrive at least the day before an engagement in order to observe the parameters, coverage, entry points, employees and access controls. It is important that you allow yourself enough time for passive and active reconnaissance, especially if there is more than one target facility. From what you observe, you may need to adjust your toolkit and guises accordingly. Remember that the lighter the kit, the easier it will be to move about and stay discreet.

Travel Tips: Keep a printout of “TSA approved items” just in case you run into any issues at the airport. Oftentimes TSA agents may be ignorant of these tools and what is allowed. Another handy tip that has been recommended by a few people is to keep a prepaid postage envelope, just in case you need to mail something back to yourself.

If you’re worried about your carry-on, just check your tools in as a checked bag.

Bags: When arriving for the onsite assessment, it is advised that you do not carry a large backpack or your super awesome tactical military bag. Here are some additional considerations:

  • Wear a bag that is a neutral color.
  • If you must use a tactical bag, consider a versipack, sling bag, laptop or shoulder bag. Maxpedition makes an excellent jumbo versipack with multiple built-in, organized and concealed pockets that isn’t overly “tacticool”.
  • DO NOT walk in with your hacker stickers, patches and pins all over your bag and devices – unless you intend to make yourself stand out on purpose.
  • Organizer grids (Cocoon Grid-It) help to keep cables and small devices organized in your bag for quick access.
  • One of our favorite bags: http://www.maxpedition.com/store/pc/Mongo-Versipack-p1332.htm
  • Cheaper version of the Maxpedition Mongo bag (SHANGRI-LA Multi-functional): https://www.amazon.com/dp/B01B7UYOFS?th=1

EXAMPLE Bag of Goodies – Minus the patches and pins when onsite! 😉

[Image: red-team-toolkit]

EXAMPLE Red Team Toolkit #1

  • Lock Picks (Pocket) – Commonly used picks
  • Under-the-door Tool
  • Canned Air, Hand warmers
  • Shove knife / Shrum tool
  • Crash bar tool
  • Dimple lock gun
  • Tubular lock picks
  • Fire/Emergency Elevator Key set
  • USB Keylogger and Hak5 Rubber Ducky
  • Hak5 LAN Turtle
  • Pineapple Nano
  • LAN Tap
  • Wafer and Warded Pick Set
  • Laptop or Mobile Device
  • External HD
  • Fake Letter of Authorization / Real Letter of Authorization
  • Props for guises if utilizing social-engineering
  • RFID Thief/Cloner (something that is easy to hide – I often use a clipboard like the one shown above)
  • Camera (or just use your smartphone)

EXAMPLE Red Team Toolkit #2

  • Lock Picks (Pocket) – Common
  • Lock Picks (Backpack) – Expanded Set
  • Under-the-door Tool
  • Shove knife / Shrum tool
  • Crash bar tool
  • Snap gun with interchangeable needles
  • Dimple lock gun
  • Tubular lock picks
  • Hand warmers / Canned Air
  • Leather gloves / Good shoes
  • Fire/Emergency Elevator Key set
  • USB Keylogger and Hak5 Rubber Ducky
  • Hak5 LAN Turtle
  • LAN Tap
  • Wafers and Warded Pick Set
  • Laptop if needed
  • External HD
  • Malicious drops x4 (USB etc)
  • Rogue Access Point (PwnPlug, Pi, whatever your flavor of choice)
  • Hak5 Pineapple
  • 15 dBi Wireless antenna (for outside, not something you want to stuff in your bag inside)
  • Nexus 7 with Nethunter, TP-Link adapter etc.
  • Props for guises if utilizing social-engineering
  • Fake Letter of Authorization (as a Plan B and to test incident response) / Do not forget the real letter!
  • RFID Thief/Cloner
  • Camera (or just use your smartphone)
  • Snake camera (a bonus for looking over drop ceilings or floors)
  • Multi-tool

MISC Considerations

  • Various USB cables (A, B, mini, micro, OTG etc)
  • SD Cards, MicroSD cards
  • Smartphone (ear piece if with a team)
  • Consider Body Camera (GoPro / ACE Cameras)
  • Extra power packs / batteries
  • Small flashlight (low lumen)
  • RTFM: Red Team Field Manual

Lock Pick Laws

If you purchase lock picks and bypass tools, it is important that you understand your state’s laws regarding them. Some states are strict about the “Possession of burglary tools” and some couldn’t care less. States to consider:

MS, NV, OH, VA – Possession of picks and bypass tools may be considered evidence of criminal intent.

TN – Lock picks and bypass tools are considerably restricted under current law.

** TOOOL is an excellent resource: http://toool.us/laws.html
