Personal Research & Testing Equipment

research Apr 12, 2020

A while ago I purchased a few things to help me with security research. So here's a post on the devices which I purchases and how they can help with security research and testing.

Disclaimer

You must only use these devices on systems and networks where you have authority or permission to do so. Doing otherwise will likely lead you to face trouble with the law. I will not be held accountable if anyone decides to use these devices for purposes other than for security research or testing purposes.

WiFi Pineapple (Nano)

WiFi Pineapple Nano

This is by far my most favorite of the bunch! There is simply so much that you can do with this, especially when you are mobile. I have the nano which the smaller of the 2 models (the tetra being the other model). The WiFi Pinapple is a pentesting device which is used for in the aid of wireless based testing. It helps detect existing wireless networks, along with wireless access points (APs) which devices are trying to connect to. It then allows you to stand up APs of your own.

Along with this there are loads of modules which you can use as well, to cover things such as DNS spoofing to all even performing Rickrolling on victims. I've used this in several demonstrations on the importance of using HTTPS to mimic how a rogue access point (AP) can be used to Man-in-The-Middle (MiTM) unsuspecting victims. To be honest I really need to spend a lot more time using this device. As I mentioned there are loads of modules which are available, meaning that there is just so much that you can do with this device. It really is an excellent piece of kit.

Granted it's not cheap, but if you can afford it, it's well worth the price. Another note, you can possibly achieve the same with something like a Raspberry Pi, but this will involve extra time and effort to do so. So part of the cost covers the ease of operability that is provided with the device. You can purchase this device from Amazon or directly from Hak 5.

The great thing about the antennas, especially having 2 as well, is that you can switch them out for antennas which may have a longer range. I went for 2 additional antennas which I got off Amazon which were pretty cheap:

WiFi Pineapple with custom antennas.

Raspberry Pi

Raspberry Pi

This really is an excellent piece of kit, which has so many uses far beyond any security research tools. Heck it's even been used to help brew beer! The Raspberry Pi has been around for a few years now and has now several models which have improved upon one another over time. The current model is the Raspberry Pi 4 Model B. I only have a Raspberry Pi 3 Model B, which is sufficient for my needs. This device is basic single board device, so you will need to purchase things such as a case as well. I went for a plain black case to try make it look like a device one would typically have installed on their premise. The idea behind this is to attempt to make this an implant device, a device which can be placed on a network and then used to obtain network traffic from the network:

Raspberry Pi in case

For my setup I used the Raspberry Pi version of Kali. I did try get disk encryption working, but had several issues trying to get it to work correctly. Obviously disk encryption is important when using this as an implant device (since the SD card can simply be removed, mounted and its contents read). This was a few weeks ago so I'm hoping that this has been addressed somewhat by now. Additionally, later versions of the Linux kernel now have in built support for Raspberry Pi 4 models so this should mean that normal Linux distributions should work with these models. Given the flexibility of these devices, one's imagination is likely going to be the limitation as to what you end up using the device for.

Purchasing these devices can be done through several channels, but I would recommend either Amazon or The Pi Hut.

Raspberry Pi Zero

Raspberry Pi Zero

As the name suggests, this product is developed by the same folk who developed the Raspberry Pi. The Pi Zero is a lighter weight version of the Raspberry Pi, and makes for an excellent, cheap, implant device via a HID (Human Interface Device) connection (making the device appear to be something such as a keyboard). If you pair this up with a USB adapter and P4wnP1, you onto a winner in my opinion. This gives you so many options as an implant device. Make sure that you get the wireless version of the Pi Zero though. This allows P4wnP1 to stand up an AP which you can then remotely connect to and control your implant device! This allows you to do things such as trigger scripts remotely (yep open Windows calc remotely!) or do things such as capture screenshots remotely. Word of advice on the USB adapter, if you are going to use this for serious research, be careful which USB adapter you use. The one I have has a blue LED which lights up. This will no doubt make things really suspicious:

Pi Zero with USB adapter lit up

The device itself can be purchased via Amazon or The Pi Hut. I bought the USB adapter from Amazon, but sellers on eBay also have some on offer as well, although choices are pretty limited. Also be aware some actually require you to solder the adapter to the Pi Zero itself.

WiFi HID Injector USB Rubberducky

Lastly, is the WiFi HID Injector USB Rubberducky. As the name stands for Wireless HID, it will function much like the Pi Zero setup I outlined above. The difference being that the software for it already comes pre-loaded and there's even an Android App that you can use with it.

You can get your hands on one via Amazon.

Wrapping Up

Also something useful is somewhere to put all the kit! Getting a decent kit bag can be really help for storing all your kit in as well as a means of protecting them. I got mine off Amazon and allows me to have something that I can carry all my kit around in as well as other things such as cables, portable chargers, and reference books.

Sean Wright

Lead Software Security Engineer and OWASP chapter leader, with special interest in web based security as well as TLS security (views are of my own and not of my current employer).

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.