Tactical exploitation with Warberry Pi

WarBerry Pi was built for red team engagements where it’s essential to obtain as much information as possible in a short period of time, while going undetected. All you need to do is find a network port and plug it in.

WarBerry Pi has the capability to remain silent and observe what is happening on the network by sniffing IPs, MAC addresses and hostnames. It creates a profile that fits what’s normal for the organization, and that allows it to remain hidden.

“The low cost of a device running Warberry Pi makes it expendable. You can put it in place, exfiltrate the data from a remote location, all without the need to recover the device,” SecGroundZero, the author of Warberry Pi, told Help Net Security.

Physical security is often neglected or not as heavily researched and invested in as logical security. The developer tells us that the main motivation behind the development of the WarBerry Pi was to help corporations understand that hackers are not always hidden behind computer monitors – they could also walk into your premises.

“Through the use of WarBerry Pi we train blue teams to be on the lookout and to identify such activity inside their network in order to block it and protect their organization,” SecGroundZero added.

The biggest challenges were finding a way to be stealthy once inside a network, and implementing the ways to bypass any restrictions such as static IP filtering, MAC address filtering, and network access controls.

Additions such as active Wi-Fi and Bluetooth attacks will be released soon, but what users will probably be most interested in are the offensive modules. They leverage all the gathered information to actively attack hosts on a network.