A new evolution of the Raspberry Pi device, the WarBerry Pi, could become a key component for red teams who want to test network security as stealthily as possible.
According to the project's description on GitHub, the WarBerry was designed with one goal in mind, "to be used in red team engagement where we want to obtain as much information as possible in a short period of time with being as stealth[y] as possible."
To use the WarBerry, which is based on the popular credit card-sized Raspberry Pi computer, you merely find a network port and plug it in. The developer of the project, SecGroundZero, says the device's scripts have been created in a way to reduce network noise as much as possible, which in turn will -- hopefully -- keep the device hidden and able to avoid detection.
The WarBerry is laden with scripts which have stealth in mind, and once connected to a network, will sniff packets and monitor network activity. Some of the data collected by the device includes IP addresses, MAC addresses and hostnames.
Once hooked up to a network, the user can remotely access the WarBerry through an SSH tunnel and review information collected on the network and stored in the "results" folder.
Such devices have value in the penetration testing world as they can gather network information quickly and without fuss, and they can also be used as a stealthy way to test a business' employees and security practices.
Red teams are sometimes asked to try and infiltrate a business network -- whether through the web or physically through social engineering -- and entering a property to install a WarBerry could be one of these tasks.
SecGroundZero told Help Net Security:
"The low cost of a device running Warberry Pi makes it expendable. You can put it in place, exfiltrate the data from a remote location, all without the need to recover the device. Through the use of WarBerry Pi we train blue teams to be on the lookout and to identify such activity inside their network in order to block it and protect their organization."
The developer has stipulated the WarBerry is for use in academic and tester settings only with permission from network owners, and will, therefore, take no responsibility for the device being used for more nefarious purposes. However, the device is only one of many which are available to cyberattackers today which can be twisted for other purposes.
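For blue teams on the lookout for a device like this plugged into a spare port, the following is an added example (not from the article or the WarBerry project) that compares DHCP lease records against an asset inventory and raises the severity when an unapproved address carries a Raspberry Pi OUI. The lease format, the inventory and all addresses are constructed for illustration, and the OUI list is partial; because a MAC address can be changed, the inventory comparison is the primary signal and the OUI match only a prioritization hint.

```python
# Constructed sample: DHCP lease records as "ip mac hostname" (assumed format).
SAMPLE_LEASES = """\
10.0.5.21 3c:52:82:11:22:33 ws-finance-04
10.0.5.44 B8-27-EB-4A-10-9F raspberrypi
10.0.5.52 00:11:22:aa:bb:cc -
10.0.5.60 dc:a6:32:01:02:03 signage-lobby
"""

# Hypothetical asset inventory of approved MAC addresses.
APPROVED = {"3C:52:82:11:22:33", "dc:a6:32:01:02:03"}

# Some OUIs registered to Raspberry Pi (partial list).
RPI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated octets, or raise ValueError."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_unapproved(lease_text, approved, rpi_ouis=RPI_OUIS):
    """List leases whose MAC is not in the inventory, Pi OUIs ranked 'high'."""
    approved = {normalize_mac(m) for m in approved}
    findings = []
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        ip, raw_mac, hostname = parts
        try:
            mac = normalize_mac(raw_mac)
        except ValueError:
            continue
        if mac in approved:
            continue  # known asset, including approved Raspberry Pi devices
        severity = "high" if mac[:8] in rpi_ouis else "medium"
        findings.append(
            {"ip": ip, "mac": mac, "hostname": hostname, "severity": severity}
        )
    return findings


if __name__ == "__main__":
    for finding in find_unapproved(SAMPLE_LEASES, APPROVED):
        print(finding)
```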