Secure Ideas recently made the decision to create custom machines that we could use for penetration testing engagements. These machines, called SIAMs, are the Secure Ideas Attack Machines. The machines are custom configured with many different tools that we use during penetration tests and also some of the more common distributions such as Kali Linux, BackTrack, SamuraiWTF and Mobisec.
When I first started thinking about this idea, it was really to make some things easier when traveling onsite to a client. Having a dedicated machine for the test has many benefits and solves some of the random headaches that crop up while on-site. My initial thought was traveling with a Mac Mini as it is small enough to travel around with. Rather than bringing multiple laptops to a client site, traveling with a few mini’s would be just as easy and potentially smaller footprint.
As the idea matured, it showed many other benefits for both us and the clients. One of the biggest benefits the SIAM machines bring is the ability to do an internal assessment remotely. We can ship one of the devices to the client and it phones home so that we can connect to the internal network and perform the assessment. The biggest visual benefit to this approach is it saves on travel costs. Depending on a client’s location, that can be a pretty big savings.
I have spent a little bit of time working on some stickers for the devices. Notice there are some helpful markers to show where some of the ports are right on top. It only took 2 tries to get that right.
In addition to internal penetration tests, these machines are perfect for use with the MySecurityScanner (http://www.mysecurityscanner.com) service. Sending a device to the client provides the service the ability to do internal scans that would not normally be available from the outside.
James Jardine is a Principal Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at email@example.com or visit the Secure Ideas – Professionally Evil site for services provided.