Sometimes, during security audits, we may encounter a situation where everything is being managed correctly. In other words security patches, policies, network segmentation, antivirus, and user awareness, to name just a few measures, are being applied properly. That’s when, in order to continue the analysis from the perspective of a security researcher or consultant, social engineering and a number of other tools, some of which we will look at in this post, start to play more importance, being perhaps the only ones that can allow an attacker to penetrate the target system. Find out which ones are the best true wireless earbuds.
The tools in question are mainly pieces of hardware designed for security research or projects. So here’s a list of the 10 tools every white hat hacker needs.
#1 Raspberry Pi 3
Raspberry Pi 3 Model B. Source: raspberrypi.org
We are now on the third generation of these low-budget computers, which can be used in multiple ways. A classic example in security audits is to use a Raspberry Pi with its appropriate battery pack, a distribution platform like Kali Linux, and applications like FruityWifi, which together act like the Swiss army knife of pen testing.
#2 WiFi Pineapple*
Source: WiFi Pineapple
This set of tools for wireless penetration tests is very useful for various types of attacks, such as man-in-the-middle attack. Through an intuitive web interface, it enables you to connect using any device, such as a smartphone or a tablet. It stands out for its ease of use, workflow management, the detailed information it provides, and the possibility it offers to emulate different kinds of advanced attacks, which are always just a couple of clicks away.
As a platform, WiFi Pineapple allows the use of a great many modules, which are continually being developed by the user community, thus adding new features that widen its scope of functionality. The icing on the cake is that these modules can be installed free of charge directly via the web interface in a matter of seconds.
#3 Alfa Network Board*
A classic Wi-Fi board for injecting packets. The Alfa stands out for the quality of its materials, and for its use of chipsets which can be set to monitoring mode – a requirement for wireless audits.
#4 Rubber Ducky*
Source: USB Rubber Ducky
This “special” pen drive is a device that works as a programmed keyboard in the shape of a USB drive. When you plug it into a computer, it starts writing automatically to launch programs and tools which may either be available on the victim computer or loaded onto the drive’s onboard Micro SD, in order to extract information.
If you watch the hit TV series Mr. Robot, you’ll likely remember that in the second season Rubber Ducky is a crucial ally for Angela, helping her gain access to an E Corp executive’s passwords.
#5 LAN Turtle*
Source: LAN Turtle
This type of systems admin and pen-test tool provides stealthy remote access, as it stays connected to a USB port covertly. Besides this, it allows users to harvest information from the network and has the capacity to execute a man-in-the-middle attack.
#6 HackRF One
Source: Great Scott Gadgets
This tool installs a powerful SDR (Software-Defined Radio) system. In other words it is essentially a radio communication device which installs software to be used in place of typically installed hardware. This way, it is capable of processing all kinds of radio signals ranging from 10 MHz to 6 GHz from a single peripheral, which can be connected to the computer via a USB port.
#7 Ubertooth One
Source: Ubertooth One™
This device is an open-source 2.4 GHz code development platform for experimenting with Bluetooth, enabling users to appreciate the different aspects of new wireless technologies.
#8 Proxmark3 Kit
Source: Hacker Warehouse
The Proxmark3 is a device developed by Jonathan Westhues that can read almost any RFID (radio frequency identification) label, as well as clone and sniff them. It can also be operated in standalone mode (i.e. without a PC) through the use of batteries.