Pierluigi Paganini June 17, 2016

“The WarBerry was built with one goal in mind; to be used in red teaming engagement where we want to obtain as much information as possible in a short period of time with being as stealth as possible. Just find a network port and plug it in.” states the description of the project published on GitHug. “The scripts have been designed in a way that the approach is targeted to avoid noise in the network that could lead to detection and to be as efficient as possible. The WarBerry script is a collection of scanning tools put together to provide that functionality.”

Source – HelpNet Security

How does it works, once connected the WarBerry Pi to the target network, it has the capability to remain silent and collect information on the internal traffic by collecting IPs, MAC addresses and hostnames.

Such kind of devices is very insidious, they could represent a serious threat to any environment, once deployed they could be used by attackers to remote exfiltrate information. In the past, we have seen how to hide a Raspberry Pi in an ordinary laptop power brick, an object very common in any office and realizing in this way a physical backdoor into the network.

The project WarBerry Pi was published on Github provided instruction on its usage, once installed in the network an attacker can access it through SSH and check the data collected by the device that is stored in a specific folder dubbed “Results”.

The device highlights the importance of the physical security in any environment, the WarBerry Pi was designed to train blue teams to monitor for a possible intrusion in the network and block it.