New Training: Physical Penetration Testing
In this 6-video skill, CBT Nuggets trainer Bob Salmans discusses the activities and skills used during a physical pentest. Learn about some of the tools used, including drop boxes. Watch this new CompTIA training.
Watch the full course: CompTIA PenTest+
This training includes:
52 minutes of training
You’ll learn these topics in this skill:
Physical Pentest Documents
Reconnaissance and Planning
Physical Pentest Tools
Continuing From the Inside
Physical Pentest Report
Drop Boxes: Pentesting Toolkits In Tiny Packages
One of the many tools IT security professionals use is a device called a drop box. Drop boxes come in all shapes and sizes and can include different tools. While some companies offer drop boxes as a ready-to-go appliance, many security professionals prefer to make their own. Let's take a look at how this is possible.
Thanks to the evolution of technology, single-board computers (SBC) are now small enough to fit in your pocket yet powerful enough to perform complex computational tasks. The Raspberry Pi (RPi) is a popular example of one of these SBCs. Another example is the Intel NUC.
Many security professionals prefer the RPi due to its cost and power. The RPi comes in a few different configurations, but their biggest differentiator is the amount of RAM that is included. All Raspberry Pis by default support the Linux operating system. That means the RPi can run specific penetration testing focused Linux distros like Kali.
A Raspberry Pi combined with the power of Kali Linux is the perfect combination to create a low-cost, yet powerful drop box. For less than $100, pentesters can make their own security tool that can easily be hidden within a target's IT environment.