What’s in my bag – The Hacking Dojo

What’s in my bag

One of the questions I get now and then relates to contents in my backpack when I go onsite for an internal pentest. I figured a formal blog post might provide some assistance for others interested in developing their own list, or provide some insight on what goes on during an internal pentest. One thing I want to note is that I actually have three different “kits” that perform different functions. These three kits are 1) Network Pentest, 2) Wireless Pentest, and 3) Personal kit. In this blog, I’m only going to cover the first kit, since it’s the one I use all the time for work:

Computers

  • Laptop – Windows work computer
  • Hacktop – Kali Linux
  • iPad w/ ZAGG Portfolio (I keep a wiki-type app (Trunk Notes) with pentesting notes on here for reference)
  • Pwn Plug R3 (optional)

Cables / Power Cords

  • Laptop power cord (x1) (share a single cable between both laptops)
  • Pwn Plug R3 power cord
  • HDMI cable (optional – for Pwn Plug)
  • Lightning power cable (for iPad and personal iPhone)
  • Wall charger for USB cables
  • 12v USB adapter (for rental cars)

Computer Add-Ons

  • Portable hard drive containing passwords (optional – if I will have access to my backend hacking server I leave this at home)
  • USB thumb drive (x2)
  • Juice Pack power station (mostly used when traveling to recharge iPad / iPhone)
  • Wireless earbuds (to drown out ambient noise mostly, allowing me to focus better)


Personal Items

  • Power bars (x4) (working weird hours often causes me to be unable to find food or heat something up)
  • Soup packet (x4) (most places have at least ways to make hot water (coffee machines, etc.))
  • Freeze dried meal (x1) (usually a Mountain House for those times I really need a meal and can’t get one)
  • First aid kit (moleskin, hand warmers, medicine, etc.)

Work Supplies

  • Pen flashlight (Coast HP4)
  • Ballpoint pen
  • Sharpie
  • Roll of quarters (used for vending machines onsite and washing machines at the hotel)
  • 20 oz cup w/ lid (I prefer collapsible cups, like those you can get for hiking)
  • Company ID

Backpack

  • Swiss Gear Ibex (works great)

A couple notes I’d like to mention with this list… I have extra room in the bag to store a light jacket (working in data centers suck), or add additional things to make my life more comfortable during my stay onsite and depending on where I’ll be working… gloves, water, extra food, whatever helps. I swear by the extra food I include in my bag (power bars, soup, freeze dried meal) – I’ve been stuck in the middle of the night without access to a cafeteria or local fast food for my midnight “lunch break.” The roll of quarters allow me to do laundry on the weekend if I’m onsite for a couple weeks (my record was three weeks so far). I don’t like to carry the juice pack due to the weight, but found it a necessary evil since I don’t get many opportunities to charge my iPad / iPhone at airports… it’s getting better, but often charging stations are crowded so I rely on bringing my own power. One other note is I try to keep my pack as light as possible (which is why I only carry one power cable for the laptops). I’m always looking for ways to slim down the weight (like my recent removal of wireless headphones for wireless earbuds), since I’m always bringing my pack onto the flight as a carry-on.

If I can, I make sure that I have a Kali image online on one of my servers so I can remotely connect and do some of the heavier CPU-intensive activities there (password cracking especially). I found that the Pwn Plug is a good addition when it’s just me onsite and there are a lot of things I need to do (scans especially)… having two pentesting platforms has been a godsend on multiple occasions.

Also, in case people wonder about the laptops, the work laptop is just that – what I use for corporate communication / powerpoint / etc. The other laptop is a Windows 10 system with VMWare hosting Kali and Nessus images, which allows for quick reloads back to clean images (wiping out sensitive data). I use both USBs to back up data (creating two copies just in case), and use the Win10 with VMware to also write reports on the main system.

Subscribe to the Hacking Dojo
Newsletter

One subscriber will win a Lifetime Membership
each month. Sign up now to enter!

* indicates required