Secure Ideas recently made the decision to create custom machines that we could use for penetration testing engagements. These machines, called SIAMs, are the Secure Ideas Attack Machines. The machines are custom configured with many different tools that we use during penetration tests and also some of the more common distributions such as Kali Linux, SamuraiWTF, and Mobisec.
When I first started thinking about this idea, it was really to make some things easier when traveling onsite to a client. Having a dedicated machine for the test has many benefits and solves some of the random headaches that crop up while on-site. My initial thought was traveling with a Mac Mini as it is small enough to travel around with. Rather than bringing multiple laptops to a client site, traveling with a few Minis would be just as easy and potentially a smaller footprint.
As the idea matured, it showed many other benefits for both us and the clients. One of the biggest benefits the SIAM machines bring is the ability to do an internal assessment remotely. We can ship one of the devices to the client and it phones home so that we can connect to the internal network and perform the assessment. The biggest visible benefit to this approach is it saves on travel costs. Depending on a client's location, that can be a pretty big savings.
I have spent a little bit of time working on some stickers for the devices. Notice there are some helpful markers to show where some of the ports are right on top. It only took 2 tries to get that right.
In addition to internal penetration tests, these machines are perfect for providing vulnerability scanning services. Sending a device to the client provides the ability to do internal scans that would not normally be available from the outside.
Need an internal penetration test without the travel costs?
Our SIAM devices can be shipped to your location and connected to your network, allowing our team to perform a full internal assessment remotely. Reach out to discuss an engagement.
Talk to Our Team