Penetration testing devices

A rubber ducky looks like a normal USB stick but can be used for malicious purposes by threat actors. A Rubber Ducky can be used to conduct various tasks such as obtain passwords as well as transfer files between machines to further compromise your laptop/desktop. Even if USB devices are blocked on the computer, a rubber ducky can still be utilised as the computer thinks a keyboard is being plugged in. Therefore, it is strongly advised that only trusted USB devices are plugged into your machine and you should never utilise a USB that has been found.

A Wi-Fi Pineapple is another device that is used within penetration testing. This can launch a de-authentication attack against a network and then create an alternative network connection that forces users to re-authenticate. These credentials are obtained by the malicious user and can then be utilised to gain access to the internal company network. Individuals should be extremely cautious about connecting to public networks that do not contain any password (coffee shops, airports). Additionally, if the network you usually connect to states that it is open, and no password is required you should confirm with an employee that this network is safe to connect to. Another mitigation technique is to use a VPN when connecting a to a public network as this will encrypt all traffic resulting in password unable to be obtained by the Wi-Fi pineapple.

A LAN Turtle is another hacking device that is plugged into the USB slot of a device while an ethernet is plugged into the other end. This can be used to obtain sensitive information through the device using a technique known as Man In The Middle. This device will not disrupt the connectivity of the device and can be left for months without being detected.