When performing an onsite physical intrusion assessments where I need to be as covert as possible, I created a “lite” toolkit that has the basics of everything I’ll need, without use of a backpack. These items are small enough to conceal within whatever I’m wearing, and generally get the job done.
- Notepad and Pen – This should be pretty obvious.
- Food– This helps to naturally suppress the “fight or flight” response when the adrenaline/nerves kick in.
- Cigarettes – Hang out in the smoke-break area; make a friend; tailgate.
- Fake HID badge in sleeve – To gives my guise some credibility.
- USB Rubber Ducky – I have a couple of MicroSDs with various payloads – (I have since upgraded to a Hak5 BashBunny.)
- U3 USB Storage – Storage of course…
- LAN Turtle – With reverse_tcp payload, connecting to a listener
- Mini-laptop – Running uBuntu
- Wifi Pineapple Nano – For client-side wireless attacks
- Lockpicks and Bypass Tools – Shrum tool, shove knife, Creeper lock pick cast, custom lock pick set, plastic door shims
For a more comprehensive list of tool kits that we often use, check out: https://wehackpeople.wordpress.com/2017/02/01/red-team-toolkits/