One of the many services that White Oak Security offers is Onsite Social Engineering. As a pentester, I have performed 50+ physical onsite social engineering engagements over my professional career and I always bring my social engineering toolkit. This post will discuss the items I have in my toolkit bag and potentially introduce you to some helpful, handy tools.
Now the following items are what I have included (but not limited to) MY toolkit, these can vary from pentester to pentester.
The Under The Door Tool (UTDT) can be used to open level handle doors from the outside via reaching under the door. This tool is super easy to use, just slide it under the door and work it up over the latch. Once in place, pulling down on the cable will move the handle and open the door. The UTDT is very inexpensive – roughly $30, which makes it a no-brainer for anyone doing social engineering engagements. The one caveat is that it can be fairly big, however, I have gotten it to fit within a larger laptop bag!
I tend to keep a standard set of various lock picks on hand, but also like to include the following:
There are a ton of different companies that offer different setups – but one that comes with most of the items needed is this Tactical Entry Kit from Lock Pick Tools (shown below).
On the RFID side of the house, I like to keep a spare Proxmark3 RDv2 setup. It allows me to clone, emulate, and even brute force RFID cards. Taking it even further – I also include White Oak Security’s own Skim Job toolset if I am targeting low-frequency HID Prox style cards. I also have a couple of blog posts on utilizing this specific Proxmark3.
Other items I tend to consider keeping on hand include (but again, are not limited to the following lists.
I try to keep all of these tools within a larger laptop carrying bag (shown below).
Depending on the engagement and what the client considers to be in-scope the items contained within my social engineering toolkit bag can differ all the time. Typically, when attempting to gain access into a building – I try to keep my setup light, just for quick moving around. Once I establish consistent access, I tend to bring more items in to start testing different controls within the building.