Quite often, penetration testers tend to plant a tiny, special box within an organization's network. These are known as network implants, and are sometimes referred to as PWN boxes. Network implants allow an attacker to establish a connection from the internet to a corporate network, by connecting to the implant tool as shown in the following screenshot:
The following is a photo of a network implant that can be inserted to intercept network traffic. This device is capable of capturing live packets and storing them on a USB flash drive. It has remote access capabilities that can allow a penetration tester or system administrator to remotely access the device, thereby allowing the user to remotely perform various tasks on the network. This little device is called the Packet Squirrel, and was created by Hak5:
Additionally, there's another device that looks like a USB Ethernet adapter. This so-called Ethernet adapter is also another network implant that allows a penetration tester to remotely access a network and perform various tasks, such as scanning, exploitation, and attack pivoting. This little device is called the LAN Turtle, another amazing piece of gear that was produced by Hak5:
Over the past few years, the Raspberry Pi (www.raspberrypi.org) was introduced to the world of computing. Today, many institutions, organizations, and households use the Raspberry Pi for many projects, from learning, to programming, to home security monitoring systems. The possibilities are endless with this little credit card-sized computer:
However, there are many operating systems that are currently available to the Raspberry Pi, one of which is the Kali Linux ARM image (https://www.offensive-security.com/kali-linux-arm-images/). Imagine the possibilities of loading Kali Linux into this portable device, planting it into an organization's network, and setting up remote access. The results of such a scenario would be grave if it were perpetrated by a real attacker, but a penetration tester would be able to help their client a great deal by showing them how vulnerable they are to attacks launched from within the internal network.
There are so many devices and gadgets that facilitate penetration testing that the possibilities are limitless. In the next section, we will be covering the fundamentals of NAC.