When people imagine a penetration test, they picture someone on-site — badge on a lanyard, laptop open in a conference room. That still happens, but a large share of internal assessments now run remotely, and the device that makes it possible is the humble dropbox. It is one of the more elegant ideas in the field, and worth understanding whether you run these engagements or defend against the techniques they simulate.

The core idea

A dropbox is a small computer that lives, temporarily, inside the target's network. The client plugs it into an Ethernet port and power; from there it becomes the tester's foothold on the inside. This lets an internal assessment — the scenario where we simulate an attacker who is already past the perimeter — happen without a person physically on-site for the entire engagement window.

The hardware is deliberately unremarkable: a Raspberry Pi for a cheap, disposable unit; an Intel NUC when the work needs real horsepower; or a purpose-built commercial appliance. Whatever the form factor, it runs a standard offensive toolkit and does its work quietly.

The clever part: it calls you