Tim lies good, does stuff, has a real (sharp) ninja star, phenomenal high kicker, and are good with well, English.
Brent has held very heavy (dinner) roles in information computing security, protecting the cybers, cybering, and has his own cell phone.
wehackpeople.com
WHAT DO YOU MEAN “RED TEAMER”?
Social Engineering
• Onsite efforts to gain a better understanding of the human risks associated with face-
to-face interaction.
• Fake badges, client-side attacks, etc. Lies! So many lies! USB drops, card cloning, key
loggers, so many options…
• Remote / Pretexting: OSINT, Google Maps, Vishing, Phishing
If hacking is in scope
• Go in quietly and stay quiet with evasion techniques!
SECURITY AWARENESS / INCIDENT
RESPONSE TESTING
Elliot Alderson
OVERT ASSESSMENTS
Hybrid assessments include multiple assessment types such as social engineering, wireless,
network, application and physical testing
• Utilizing information from one attack vector to gain a foothold and/or assist in other attack
vectors.
• Inside man / Outside man
• How can the external attacker help the internal attacker and vice-versa?
• Drops, rogue APs etc.
• External man can set up a rogue wireless AP, grab creds through phishing and then pass
those along.
BOLD VS. SAFE
Professional liar
• Playing the part
• Being able to talk your way into an area or out of a situation
• Convincing employees to do things outside of the norm
CLIENT COLLABORATION
Minus the patches and pins when on-site – All of the below fits in a single bag
The point of the photo is to show how much can fit in one bag. I have added a blurb
to further indicate the usefulness of said photo.
EXAMPLE TOOLKIT
Note: The lists coming up are not intended to be comprehensive, but a quick
reference for red team specific toolkits - which often include a combination of
technical devices and physical tools in relatively small bags.
Many tools commonly utilized in on-site social engineering, covert physical security
assessments and red team assessments may not be listed below. Although there are
popular vendors for specific tools, alternatives may exist.
Red Team Toolkit Example #1
• Lock picks (pocket) - commonly used picks, wafer and warded pick set
• Under-the-door tool
• Canned air, hand warmers (request-to-exit bypass, etc.)
• Shove knife/shrum tool
• Crash bar tool
• Dimple lock gun
• Tubular lock picks
• Fire/emergency elevator key set
• USB keylogger and Hak5 rubber ducky
• Hak5 LAN turtle
• Pineapple nano
• LAN tap
• Laptop or mobile device
• External hard drive
• Fake letter of authorization (as a plan B and to test incident response)
• Real letter of authorization
• Props for guises if utilizing social engineering
• RFID thief/cloner (something that is easy to hide - I often use a clipboard like the one shown in the picture above)
• Camera (or just use your smartphone)
EXAMPLE Red Team Toolkit #2
• Lock picks (pocket) - common
• Lock picks (backpack) - expanded set
• Under-the-door tool
• Shove knife/shrum tool
• Crash bar tool
• Snap gun with interchangeable needles
• Dimple lock picks, Tubular lock picks, Fire/emergency elevator key set
• Hand warmers/canned air/vape/whiskey? :)
• Leather gloves/good shoes
• USB keylogger and Hak5 rubber ducky
• Hak5 LAN turtle, LAN tap
• Wafers and warded pick set
• Malicious drops x4 (USB, etc.)
• Rogue access point (PwnPlug, Pi, whatever your flavor of choice), Hak5 pineapple, 15 dBi wireless antenna (for outside, not really something you want to stuff in your bag inside).
• NetHunter tablet, TP-link adapter etc.
• Props for guises if utilizing social engineering
• Fake letter of authorization (as a plan B and to test incident response)
• Real letter of authorization
• RFID thief/cloner
• Camera (or just use your smartphone), Snake camera (a bonus for looking over drop ceilings or floors), Multi-tool
MISC. CONSIDERATIONS