October 1, 2009

A couple weeks ago, I went out of town for an extended stay. Being the technophile that I am, I naturally brought multiple laptops, cables, memory sticks, a power strip, a wireless router, and much, much more. Getting through airport security was a nightmare because of the bulk. As a result, I decided I wanted to reduce my load and, at the same time, have the flexibility to keep hacking.

I know that there has been a lot of virtual pages dedicated to minimalism surrounding computer gear, especially when related to traveling. In order to deviate from that discourse, I have found it necessary to quantify my needs and goals a bit different than others. ..

My goal is to: identify those items that are useful in conducting a professional penetration test on the road, and then find a way to minimize the weight and volume of equipment.

Some additional constraints on the project was that I could not assume access to a power source or the Internet. I also added in the difficult task of anonymity, which immediately eliminated cell phone and Internet EVDO cards (we’re looking into data tethering on pay-as-you-go phones, assuming we can do so without revealing our identity).

Me and some friends did some (very quick) brainstorming, and came up with the following list:

Hardware

• lockpicks (Southord MPXS-62)
• netbook (eee PC 1000H)
• extra netbook battery
• netbook bag (Targus CityGear (TSM097US))
• universal memory card reader (SanDisk ImageMate All-in-One)
• multiple memory cards (SD: 8GBx2, 2GBx2. Thumb: 1GB, 4GB)
• international power adapter
• extension cord (non-grounded)
• Surge protector (Dynex 3-socket outlet / surge protector)
• P&S digital camera
• paper / pencil
• electrical tape
• multi-purpose tool (leatherman)
• solar panel / charger
• portable hard drive (Western Digital 500GB)
• small toolkit
• ultra-thin DVD drive (uses USB for power source)
• ethernet cable
• iPod Touch w/ USB cord (optional)
• earjacks (included w/ optional iPod Touch)
• caffeine pills (or instant coffee / tea packets)
• wifi map of the region
• Pre-packaged meal (e.g. MRE)

Software

• Microsoft OS installed
• BackTrack installed on bootable Thumb Drive
• VMware and a Linux Distro (probably BackTrack again)

Digital Documents

• TBD

Internet Access
The problem of Internet access can be somewhat mitigated through the use of open access wifi, but that does restrict mobility to metropolitan areas. I have an ulterior desire to be able to use this setup when camping, but until there is a way identified that will permit access to the Internet within the constraints of this project, the use of wifi points becomes a necessity.

Power
Keeping the laptop charged is a different problem. I have included a solar power kit in the list to provide a method of charging the netbook and iTouch charged when power is absolutely unavailable. Within a metropolitan area, power isn’t as much of an issue, since coffee shops and some restaurants have outlet access; one of my favorite sources of power is a mall, which often have benches near power outlets in the center of the halls (for kiosks that need power).

iPod Touch
The inclusion of the Touch has been debated as to its value in the list. The disadvantage to the Touch is the cost, additional power demands, and need to bring an additional cable (at a minimum). There is also an expectation that the Touch will be jailbroken, in order to extend the tools available and to provide access to the underlying operating system. The need to jailbreak the Touch is also considered a disadvantage; it has also been argued that a jailbroken phone could provide almost the same functionality as a netbook.

My desire to include the Touch is to provide a quick method of wifi detection/connection and Internet access for those times when breaking out the netbook is less than ideal (especially in social-engineering situations).

Other Thoughts
Disk encryption - In the future, I will look into full disk encryption of the netbook’s hard drive.

Extension Cord & Surge Protector - the Eee PC does not require a ground. I also use an AC/USB power adapter and a Linksys mobile router on occasion that also does not require a ground. Depending on the power source, a non-grounded extension cord will provide me with multiple outlets for all of my devices, should I decide to include them. An optional Dynex 3-outlet surge protector can be included in the kit.

Clothing - While clothing may be considered outside the scope of a Hacker BOB,  the inclusion of gloves may be appropriate, depending on the circumstances.

External Antenna - Up for inclusion is a “pringles can” antenna and USB wireless card which can accept the antenna cable. The arguments against it is the size, but the utility of having the antenna may definitely outweigh the bulk issue. Another possibility is a long-range USB WiFi adapter, such as Wi-Fire.

Follow-ups
To determine the effectiveness of this list, I will attempt to restrict my personal computer use to the aforementioned kit for things other than work. Updates to this project will be included in this post.