10 gadgets every white hat hacker needs in their toolkit
- 19 December, 2016 05:18
Picture: Paul Sobczak (Flickr)
A ‘white hat’ is an ethical computer hacker or cyber security expert. White hat hackers often conduct exploratory testing to ensure an organization or computer system is properly protected.
There are gadgets that can be used to conduct this type of hack, helping the white hat conduct security audits and measure the technical assessment of a system or application.
Most of this hardware was designed for security research or projects. Here are ten you might want to use as an ethical hacker.
1.Raspberry Pi 3
Third generation Raspberry Pis are now available. These low-budget computers can be simple and effective tools for online testing. In security audits, Raspberry Pi can act like a Swiss army knife for penetration testing (aka pen testing), carrying out controlled attacks in order to identify any vulnerabilities in the system. A classic way of using a Raspberry Pi would be with its appropriate battery pack, a pen testing distribution, likeKali Linux and applications like FruityWifi and open source tool to audit wireless networks.
2. WiFi Pineapple
This set of tools for wireless pen’ tests is very useful for various types of attacks, such as the classicMan-In-The-Middle. Through an intuitive web interface, it connects using any device. Its ease of use, workflow management, and the detailed information it provides offer the possibility of emulating different kinds of advanced attacks. As a platform, WiFi Pineapple also uses many modules, which are continually being developed by the user community, and can be installed free of charge directly via the web interface.
3. Alfa Network Board
As a classic WiFi board for injecting packets, the Alfa is great due to the quality of its materials, and for its use of chipsets which can be set to monitoring mode – a requirement for wireless audits.
4. Rubber Ducky
This “special” drive works as a programmed keyboard in the shape of a USB drive. When plugged into a computer, it starts writing automatically to launch programs and tools which may either be available on the victim’s computer, or loaded onto the drive's onboard Micro SD, in order to extract information.
5. LAN Turtle
This type of system admin and pen’ test tool provides stealthy remote access, as it stays connected to a USB port covertly. It also allows users to harvest information from the network and has the capacity to execute a Man-In-The-Middle attack.
6. HackRF One
This tool installs a powerfulSDR(Software-Defined Radio) system – a radio communication device which installs software to be used in place of typically installed hardware. This way, it is capable of processing all kinds of radio signals ranging from 10 MHz to 6 GHz from a single peripheral, which can be connected to the computer via a USB port. As an open source hardware platform, HackRF One can be used as a USB peripheral or programmed for stand-alone operation.
7. Ubertooth One
Ubertooth One is an open-source 2.4 GHz code development platform for experimenting with Bluetooth, enabling users to appreciate the different aspects of new wireless technologies.
8. Proxmark3 Kit
The Proxmark3 can read almost any RFID (radio frequency identification) label, as well as clone them and sniff them. It can also be operated in standalone mode (i.e. without a PC) through the use of batteries.
9. Lock picks
Lockpicking is the art of opening a lock or a physical security device by analysing or manipulating its components logically, without the original key. There are a many sizes and formats, which in many cases can threaten physical security, which can facilitate pen testing.
An old classic for logging keystrokes, this device can be connected via USB or PS/2 and create a stealthy connection between the keyboard and PC, logging every keystroke. Of course, it tends to go undetected by most security systems.
With this full list of devices, it may help and white hat hackers to finally have a point of entry to target something that seemed impenetrable before.
Lucas Paus is Senior Security Researcher at ESET