feasibility and deployment of bad usb
play

Feasibility and Deployment of Bad USB Stella Vouteva, System and - PowerPoint PPT Presentation

May 25, 2023 •234 likes •359 views

Feasibility and Deployment of Bad USB Stella Vouteva, System and Network Engineering Master research project University of Amsterdam Introduction Main elements of security Social Engineering Bad USB Goals Run attack(s) in less

  1. Feasibility and Deployment of Bad USB Stella Vouteva, System and Network Engineering Master research project University of Amsterdam

  2. Introduction  Main elements of security  Social Engineering  Bad USB

  3. Goals  Run attack(s) in less than 10 seconds  Attacks should work on user without admin rights  Download an executable that can bypass Windows UAC and AV programs and run it  Obtain access to the compromised device from a Kali Linux machine  Installation of a root certificate on the Windows machine  Add a backdoor

  4. Tools  Arduino  Victim #1: Lenovo Z50-70 laptop with Windows 8.1  Victim #2: Windows 7 Ultimate VM  Kali Linux machine

  5. Endpoint security circumvention  Time benefits  Confidentiality  Integrity  Availability

  6. Feasibility requirements  'Typed' without human or mouse intervention  Timing  Assumptions  Security threat considerations

  7. Logon bypass on locked computers  Kon Boot  Recovery disk/ Advanced options  Booting from another OS  Feasibility

  8. Unlocked computers exploitation  File Download  FTP, HTTP, SFTP?  Bypass UAC and AV  Veil-Evasion  Remote access  MSFVenom  Payloads  Privilege escalation  MITM  mitmproxy  Keyloggers  Persistent backdoor  Feasibility

  9. Scenario  Preparation  Create an .exe file using Veil-Evasion  AES encryption  MSFVenom  Reverse TCP  Allow SSH to the Kali machine  Execution on the victim computer  Plug the Arduino  Kali Linux machine attacks  Persistent backdoor  Bypass UAC  Keylogger  Migrate process

  11. Conclusion  Feasible for unlocked computers (with limitations)  Unfeasible for bypassing login screen

  12. Questions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FEASIBILITY STUDY ON DEPLOYMENT OF FEASIBILITY STUDY ON DEPLOYMENT OF THE FIRST UNIT OF RUTA-

FEASIBILITY STUDY ON DEPLOYMENT OF FEASIBILITY STUDY ON DEPLOYMENT OF THE FIRST UNIT OF RUTA-

International Conference on Non-Electric Applications of Nuclear Power: Seawater Desalination, Hydrogen Production and other Industrial Applications 16 19 April 2007, Oarai, Japan FEASIBILITY STUDY ON DEPLOYMENT OF FEASIBILITY STUDY ON

431 views • 21 slides
The deployment of Wireless Networks in The deployment of Wireless Networks in High Voltage

The deployment of Wireless Networks in The deployment of Wireless Networks in High Voltage

The deployment of Wireless Networks in The deployment of Wireless Networks in High Voltage Substations: A feasibility High Voltage Substations: A feasibility Study Study Basile L. AGBA *, S. Riendeau, H. Bertrand, J. Bland Basile L. AGBA *,

760 views • 22 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

453 views • 34 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

426 views • 25 slides
Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Feasibility of

Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Feasibility of

Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Available, Partition Available, Partition- -Tolerant Tolerant Web Services Web Services Meng Wang Jingxin Feng Feb 14, 2011 Feb

828 views • 48 slides
Mechanism Feasibility Design Tutorial Session Notes Dr. James Gopsill Design & Manufacture 2

Mechanism Feasibility Design Tutorial Session Notes Dr. James Gopsill Design & Manufacture 2

2017 Mechanism Feasibility Design Tutorial Session Notes Dr. James Gopsill Design & Manufacture 2 Mechanism Feasibility Design 1 Session 4 2017 Last Week 1. Shaft Design Feedback 2. Deployment Modelling Demo: Stopping the

583 views • 15 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
MARKET FEASIBILITY Market Feasibility July 27, 2017 Business Feasibility CHARACTERISTICS OF

MARKET FEASIBILITY Market Feasibility July 27, 2017 Business Feasibility CHARACTERISTICS OF

MARKET FEASIBILITY Market Feasibility July 27, 2017 Business Feasibility CHARACTERISTICS OF SUCCESSUL ENTREPRENEURS CHECKLIST-RESULTS Look at your responses to the questions on characteristics. If you circled very much like me

299 views • 14 slides
VI. The Feasibility Study VI. The Feasibility Study What is a feasibility study? What is a

VI. The Feasibility Study VI. The Feasibility Study What is a feasibility study? What is a

Basi di Dati e Sistemi Informativi II VI. The Feasibility Study VI. The Feasibility Study What is a feasibility study? What is a feasibility study? What to study and conclude? What to study and conclude? Benefits and costs Benefits and costs

838 views • 34 slides
Family Communication During Deployment Please download the Family Communication during Deployment

Family Communication During Deployment Please download the Family Communication during Deployment

Family Communication During Deployment Please download the Family Communication during Deployment Worksheet before beginning this class. Family Communication during Deployment (MAR 2103) What are the options? Care E-mail Packages Letters

221 views • 9 slides
Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

ICFP Integrated Curriculum Financial Planning Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school leaders/trustees to ensure value for money and efficient use of the funding we currently receive Staff Deployment

517 views • 20 slides
DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW

DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW

5.08.2020 PRESENTATION TO PWS-RCAC TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW An assessment and evaluation of available technologies and methods for establishing an

1.17k views • 69 slides
NMCB Ops Officer Perspective Iraq/Kuwait Deployment Brief to: SAME Mid-Atlantic Regional

NMCB Ops Officer Perspective Iraq/Kuwait Deployment Brief to: SAME Mid-Atlantic Regional

NMCB Ops Officer Perspective Iraq/Kuwait Deployment Brief to: SAME Mid-Atlantic Regional Conference 10 OCT 07 Overview Deployment Overview Deployment Timeline Mission Organization Locations Deployment Highlights

369 views • 26 slides
Feasibility Summary Workshop Agenda Review CNVC Timeline Feasibility Summary: Key

Feasibility Summary Workshop Agenda Review CNVC Timeline Feasibility Summary: Key

Feasibility Summary Workshop Agenda Review CNVC Timeline Feasibility Summary: Key Elements Dos and Donts Q&A Upcoming Events and Deadlines College Quick Pitches and Teambuilding Nov. 1 | 5-6 p.m. | Chicago Booth

530 views • 31 slides
INFRASTRUCTURE QUALITY, INFRASTRUCTURE QUALITY, DEPLOYMENT, AND DEPLOYMENT, AND OPERATIONS

INFRASTRUCTURE QUALITY, INFRASTRUCTURE QUALITY, DEPLOYMENT, AND DEPLOYMENT, AND OPERATIONS

INFRASTRUCTURE QUALITY, INFRASTRUCTURE QUALITY, DEPLOYMENT, AND DEPLOYMENT, AND OPERATIONS OPERATIONS Christian Kaestner Required reading: Eric Breck, Shanqing Cai, Eric Nielsen, Michael Salib, D. Sculley. The ML Test Score: A Rubric for ML

1.36k views • 124 slides
DC Public Bank Feasibility Study Feasibility Study Overview The District is evaluating the

DC Public Bank Feasibility Study Feasibility Study Overview The District is evaluating the

Protecting Your Financial Interests DC Public Bank Feasibility Study Feasibility Study Overview The District is evaluating the feasibility of establishing a public bank. If feasible, a public bank could enhance the Districts fiscal

131 views • 12 slides
The EU in the Eyes of Asia Pacific Associate Professor Natalia Chaban Jean Monnet Chair Deputy

The EU in the Eyes of Asia Pacific Associate Professor Natalia Chaban Jean Monnet Chair Deputy

The EU in the Eyes of Asia Pacific Associate Professor Natalia Chaban Jean Monnet Chair Deputy Director, National Centre for Research on Europe Head of European and EU Studies University of Canterbury, New Zealand The EU in the Eyes of Asia

1.08k views • 78 slides
Uncertainty management in the IPCC Minh Ha-Duong, CNRS haduong@cired.fr 1. Outline

Uncertainty management in the IPCC Minh Ha-Duong, CNRS haduong@cired.fr 1. Outline

Socit de Philosophie des Sciences Symposium, Nancy, 2011-07-21 Climate science and climate change: Epistemological and methodological issues Uncertainty management in the IPCC Minh Ha-Duong, CNRS haduong@cired.fr 1. Outline

413 views • 37 slides
Abstract Drawing on the substitution axiom formulated by Basu and Van (1998) this study examines

Abstract Drawing on the substitution axiom formulated by Basu and Van (1998) this study examines

DOES PARENTAL INCOME AFFECT CHILD LABOR SUPPLY? EVIDENCE FROM THE INDONESIA FAMILY LIFE SURVEY Elan Satriawan and Alif Timur Ghifari Abstract Drawing on the substitution axiom formulated by Basu and Van (1998) this study examines the

648 views • 33 slides
Temptation, Commitment, and the Wealthy Hand to Mouth Agnes Kovacs 1 Patrick Moran 2 1 University

Temptation, Commitment, and the Wealthy Hand to Mouth Agnes Kovacs 1 Patrick Moran 2 1 University

Temptation, Commitment, and the Wealthy Hand to Mouth Agnes Kovacs 1 Patrick Moran 2 1 University of Oxford 2 University of Oxford December 12, 2017 Motivation FACT 1: 20% of households are wealthy hand to mouth Kaplan, Violante, and Weidner

624 views • 50 slides
Entry Standards What? Establishes standards for use of names Avoids duplicate and

Entry Standards What? Establishes standards for use of names Avoids duplicate and

Person & Organization Entry Standards What? Establishes standards for use of names Avoids duplicate and inaccurate records Designates record stewards Provides helpful tips for finding, creating, and maintaining records

273 views • 8 slides
Three Towns .. One Community A Mission-Driven Learning Community with a PK-12 Line of Sight

Three Towns .. One Community A Mission-Driven Learning Community with a PK-12 Line of Sight

Three Towns .. One Community A Mission-Driven Learning Community with a PK-12 Line of Sight Timeline Chris Riley Region 4 Board of Education Chairman 2005 Timeline January, 2015: All Boards of Education unanimously endorsed moving forward

808 views • 55 slides
Cross Border Technologies - The technology licensing company - Cross Border Technologies

Cross Border Technologies - The technology licensing company - Cross Border Technologies

Company Presentation Cross Border Technologies - The technology licensing company - Cross Border Technologies Munich Yokohama Seoul Table of contents Introduction Our company profile Services we offer Our

349 views • 31 slides
iPad/iPhone Security Awareness for individuals and business Erik Couture GIAC (GSEC GCIH GCIA

iPad/iPhone Security Awareness for individuals and business Erik Couture GIAC (GSEC GCIH GCIA

iPad/iPhone Security Awareness for individuals and business Erik Couture GIAC (GSEC GCIH GCIA GCFA GCNA) August 2011 SANS Technology Institute - Candidate for Master of Science Degree 1 What s the threat? Threats to the device (data at

64 views • 5 slides

More recommend