
My Red Team Everyday Carry (EDC)

I was inspired by a few past videos done by such YouTube physical security personalities as the Lock Picking Lawyer, DeviantOllam, and the Not So Civil Engineer and thought I’d share some of the things I tend to have in my pocket every day that can be used for red teaming/physical security types of activities.

The goals of my everyday carry (EDC) are roughly:

  • functionality: things I’ll actually use
  • lightness: things that don’t take up a ton of pocket space and don’t weigh a lot
  • TSA and government facility friendly: things that aren’t illegal to take on a plane or into a courthouse, so that rules out anything with a knife in it

Almost everything I carry on me, minus a face mask, wristwatch, and my wedding ring. Key bitting redacted.

Gerber Shard

The Gerber Shard is a great little tool to keep on your keyring, even if you aren’t into physical security or locksport. It can function as a:

  • Pry bar
  • Small flathead screwdriver
  • Large flathead screwdriver
  • Phillips screwdriver
  • Wire stripper and puller
  • Bottle opener (probably what I use it for the most)
  • Bonus: the pry bar side can also be used to cut open the seals on boxes and other things

And since there’s no knife blade or saw on it, it won’t get confiscated by TSA. I’ve had one on my keyring for years. I only recently replaced one I’d used for close to ten years because the bottle opener was getting worn out. I have an unpainted metal one, but it’s also more commonly available in black.

Phone

I feel like this is a pretty obvious one. Besides being a communications and Internet access device, a modern smartphone comes pre-equipped with plenty of useful apps that let it function as a flashlight, level, measuring stick, distance finder, camera for light surveillance, and much more.

While my daily driver is an iPhone, a rooted Android phone or even one with the Kali NetHunter tool suite installed would offer tons of red teaming functionality on the go. If you’re really simulating an adversary and trying to do zero-attribution, it could even be a prepaid burner phone.

One iOS tool that not a lot of people know about is the old AirPort Utility app. I’m not sure how much longer it’s going to be around, since Apple discontinued its AirPort line of Wi-Fi routers in 2018, but it offers a simple Wi-Fi scanning tool you can use from a non-jailbroken iOS device!

While it’s not as feature-rich as something like Kismet or some of the Wi-Fi scanning tools available for rooted Android (for example, it can’t sniff and unmask hidden SSIDs), it’s great in a pinch if you’re trying to hunt down an AP’s physical location. It can even export a text file of the scan results.

Wallet

I have a very light Bellroy Note Sleeve wallet that I’ve been using for years. It strikes a great balance between carrying a lot of stuff and keeping a slim profile, so my butt isn’t sore after sitting on it for a long time. It has three slots for the cards you use most frequently (for me, my driver’s license and two credit cards), plus an inner sleeve where you can throw your less-used cards (in my case, my insurance card, Sam’s Club membership card, etc.). Though I don’t have any on me at the moment, if you’re going zero-attribution, it’s not a bad idea to carry around some prepaid credit or debit cards, and of course cash, for clandestine purchases.

I don’t own a ProxMark or do RFID attacks very frequently, but if you do, it might also be worth carrying common RFID card blanks or even a diagnostic card like the Not So Civil Engineer does.

Lock Picking Tools

In the aforementioned inner sleeve, I have a small vinyl holder where I keep an assortment of various lock picking and bypassing tools.

At the moment, I’m carrying around:

As trendy as Bogotá picks are, I honestly pop locks way faster with the traditional snake rake, which is why it’s a must-have for me. It’s come in handy on more than one real-life occasion, such as one time when my wife and I were locked out of an old rented condo, or when I used to teach a pentesting course at a local community college and they never unlocked the door to my classroom before I arrived.

I could probably strip this down even more, or swap out some of the tools for different ones, but it fits fine in my wallet so far without adding too much bulk. If you’re asking where the hooks and half-diamonds are, I leave those out in favor of rakes because I’m going for speed. If it takes more than a minute to rake, it’s probably not worth pursuing further. Plus, I suck at single-pin picking anyway.

Door Shim

I got this idea from the Not So Civil Engineer. I have a set of oversized super mica door shims in a fancy pouch that I bought off Sparrows years ago. One of the sheets I cut in half and folded over to make a roughly card-sized door shim that I stuff into the banknote pocket of my wallet. The corners are super sharp and I highly suggest you also use scissors to round them off, so you don’t accidentally slice your fingers the next time you’re reaching for your cash.

This tool slides between the door frame and a locked door to pop the latch open, assuming the lock either lacks a dead latch or the door isn’t properly installed. The door frames in my house are very tight, but this shim can still slide in between easily and pop the latches open. It does scratch mine up a bit, but these shims are cheap, easy to make, and made to be disposable.

Using the Sparrows mini jim as a guide, I also cut a little notch in one side of my shim so it can double as a jim for external-opening doors as well. I’ve considered making a larger notch, to approximate a Sparrows “hall pass” or “flex pass” jim, but I’m usually quicker and feel I have better control with the small notch. I might also just buy a flex pass, or make my own out of another piece of super mica shim material, in the future. Though I prefer a traveler hook, a shim with this modification is much more portable.

I hope you enjoyed seeing my EDC and I hope it gives you some inspiration for figuring out what tools you could be carrying with you on a daily basis!

Derbycon 2019: Ending on a High Note

As most of you know, this year was the ninth and last Derbycon security conference in Louisville, KY. It was especially bittersweet for me, since it’s my hometown conference…and I just moved back to the area last year, hoping to save some travel money by having a major infosec con right in my backdoor.

The Marriott was a little better prepared this year, though the bar and on-premises restaurant still seemed a little understaffed. I was a little worried about getting enough tickets for all my friends this year, as I thought this being the final one would mean even bigger interest in it. This really wasn’t the case, as I had enough tickets for everyone well before September and even knew people who were still trying to sell their spare tickets all the way up to the day of the conference.

Having already blown my corporate training budget on SpecterOps’s excellent Red Team Operations course early in the year (I highly recommend it), I didn’t have any money to buy training this time around. Dark Side Ops 1 was the only one I was really interested in, having taken their also-excellent Dark Side Ops 2 at last year’s Derbycon.

Being the last year of Derbycon and having most of the Eversec crew in town, I once again reverted to being a CTF zombie. The only talks I really went to were the keynote and one by Rindert Kramer, from NCC Group’s Fox-IT acquisition in the Netherlands, about his custom LDAP-based C2 channel. I unfortunately didn’t get to see my friend and colleague David Tulis (@kafkaesqu3) give his presentation on COM hijacking, as it conflicted with my son’s Saturday morning soccer game.

After the keynote and a quick lunch, the CTF room was open for business and we staked out a big table for our ever-growing CTF crew. Besides the core of former Fidelity Investments pentesters, we had some new friends joining the mix, like Ashley Templet from Avalara, Jack Halon (@jack_halon) from NCC Group, Jeff Macko (@jmacko) from Kroll, old friend but first-time Derbycon attendee Ping (@n0tl33t), and several new faces that our Virginian friend Erwin managed to recruit.

If you’re trying to CTF with a big crew like this, communication and organization are absolutely key! Since you probably don’t want to discuss vulnerabilities and attacks too loudly in a room full of your rivals, you need an online means of doing all this. For us, we had a special Slack channel just for CTF discussions and a Trello board for organizing tasks, keeping notes, assigning stuff, etc. We’ve been using Trello for years on CTFs (I think it was Ray who suggested it) and it’s crucial for sharing info and avoiding duplicated effort on the same challenges.

Like previous years, the first day or so is pretty miserable because of the initial flood of people and skiddies doing dumb shit. The ESXi server that the CTF team was using to host the challenges even got purple-screened multiple times. By Saturday, it was behaving much better and we managed to make a lot of progress. In true CTF zombie fashion, most of us stayed up well past midnight banging away at challenges. My friend and teammate Ray (@doylersec) was kind enough to let me crash in his room for the night.

The CTF was devilish as ever.  The overarching theme was a parody of Derbycon called “DerpyCon”…which is stealing valor from my buddy Kyle Stone (@essobi) and his old pre-Derbycon house party. There was another, even more expansive MUD than last year, that Ashley spent a ton of time getting flags out of (which can still be played for a few more weeks at http://derbymud.mog.ninja/).

I was going to write up some of the challenges I personally participated in, but our old rivals “spicyweasel” (AKA Nettitude Labs) already posted their usual excellent write-up of the challenges…and they take many more screenshots and keep better notes than I do.

But “spicyweasel” didn’t take home the top spot this time. After having chased them for years, Team Eversec managed to come out the winner! Like most of the competitors do every year, we once again donated our prize money to Hackers for Charity.

Thank you Derbycon for nine wonderful years! Thank you Derbycon CTF team for always putting on a great competition and inspiring all of us to put on our own CTFs at our companies and various local cons. And thank you to our rivals, like spicyweasel and SecureWorks’ “Illuminopi” team, for making every competition exciting, tense, and fun. We can only hope we can find another annual CTF as awesome as this one and play against all of you again.