In IT and Cyber security, penetration testing or “pen testing” for short, is a necessary activity for discovering and revealing network vulnerabilities.
One company known for it’s pen testing tools is Hak5. They have a number of informative videos discussing IT security and pen testing techniques as well as offering products designed with both security testing and hacking in mind.
Audit vs Attack
An inherent challenge then, is that many of the same tools available for testing cyber defenses are also usable for defeating security. Any cyber security consultant should undoubtedly be aware of these tools, but it is also important for anyone concerned with network security to be on the lookout for any related devices that might show up in unauthorized hands or in inappropriate locations (such as connected to your own computer for instance).
A recent addition to the Hak5 product line up is a device they call the Bash Bunny (just in time for Easter), but this device could be used to bring your network down with minimal chance of resurrection.
Hak5 explains: The best penetration testers know that with the right tools and a few seconds of physical access, all bets are off. Hak5 has been developing just such tools – combining lethal power with elegant simplicity. Now, with the Bash Bunny, we’re taking pen testing to the next level…
Exploiting local network attack vectors, the Bash Bunny emulates specialized USB and Ethernet adapters. This is done in such a way that allows the Bash Bunny to be recognized on the victim computer as the fastest network automatically – locked or unlocked. The computer will instantly trusts the Bash Bunny with its network traffic – enabling a plethora of automated pocket network attacks undetectable by the existing infrastructure.
Penetration testing attacks and IT automation tasks can be delivered in seconds with the Bash Bunny. It can emulate combinations of USB devices, such as gigabit ethernet, serial devices, flash storage, and keyboards. Unknowing computers can be tricked into divulging data, exfiltrating documents, and many more exploits.
Tool or trouble?
If you are involved with authorized pen testing, these may be great tools for you. But you should also be on the lookout for any such tools appearing in your facility. Even discovering such an item laying on a desk or among personal items may be cause for suspicion:
- what has it been used for?
- who had access to it?
- is it authorized?
During our TSCM sweeps we often come across items like this, sometimes they are authorized but sometimes not.
What to look for:
Of course, there are many legitimate USB devices in use all the time. What could cause device to appear suspicious? You might look for some of the following:
- On/off switch. Memory sticks usually do not have an on/off switch.
- LED lamp. They could be present just to show that data is being transferred, but they sometimes reveal various other features through blinking in certain patterns or changing colors.
- Antenna. Common wireless adapters may fall into this category- but you should know if any wireless adapters should be on your own computers. Finding an unknown devices with antennas may indicate other suspicious purposes.
- Devices with labels removed or covered over could be a sign that the true purpose was being disguised.
Bash Bunny Pen Testing Device
Voice recorder disguised, and functioning, as a USB memory stick.
“Pineapple” wifi pen-testing device.
LAN Turtle pen testing device that can enable Man-in-the-Middle attacks, with disguised label, installed in network rack.
Many of Hak5’s videos can be educational when it comes to understanding the threats and potential attacks that networks face. IT and Cyber security directors should be familiar with their products as well as devices from similar companies.