when usb devices attack
play

When USB devices attack Manchester Grey Hats PRESENTED BY: Tim - PowerPoint PPT Presentation

Jan 28, 2023 •370 likes •606 views

When USB devices attack Manchester Grey Hats PRESENTED BY: Tim Wilkes @mcrgreyhats Disclaimer: Please dont be a dick. I accept no responsibility. Ever. For Anything. 1997 was not a good year... Windows 95 OSR 2.5 came out

  1. When USB devices attack Manchester Grey Hats PRESENTED BY: Tim Wilkes @mcrgreyhats

  2. Disclaimer: Please don’t be a dick. I accept no responsibility. Ever. For Anything.

  3. 1997 was not a good year... · Windows 95 OSR 2.5 came out · Difgerent connectors for difgerent devices · USB Support · Autorun was a thing · Clippy...

  4. Fast forward to 2017... · USB Keyboards · USB Storage · USB Network · USB Serial Interfaces · USB fans ? · USB gimmicks

  5. So USB does quite a bit... · How does the computer know what device is attached? ·

  6. Interested in USB Development? · Try the HIDIOT by Rawhex. · Rawhex is not Digistump · The HIDIOT is not a digispark · They are compatible · The HIDIOT is awesome for USB development · Rawhex are awesome – We have 2 HIDIOTS to give out

  7. Just to back up a little · Season 2 (Episode 3) of Hak5 released the USB Switchblade based on USBdumper (2006) · Later USB-hacksaw · Utilized Autorun with the USB storage. · Later became the basis for the...

  8. USB Rubber ducky

  9. Must be a good idea... · Many imitators · Peensy / T eensy · Digispark / ATTiny based · BAD USB · Now the Bash Bunny is also available · Network / storage /keyboard / serial

  10. Also The Lan turtle · Network based attacks · Imitators too · Poison tap

  11. Enter Mr Robot · USB drops · Rubber ducky costs $50 · Bash Bunny costs $150 · Not cheap / disposable

  12. Way too expensive · So what about the alternatives? · T eensy is around £10 · Peensy is more (+ soldering) · BADUSB – PITA (if you can fjnd the drive) · Digispark is £1 – We have a winner!

  13. Downsides · Looks – requires camoufmage · Limited memory · Can’t type out meterpreter (directly) · Has no feedback (but none of the devices do)

  14. Speaking of Feedback... · If you enjoy the workshop, please leave feedback on meetup.com

  15. Is everyone set up for the Workshop? · Do you have the Arduino software installed? · Do you have the digispark board installed? · http://digistump.com/package_digistump_ index.json · Drivers?

  16. The IDE

  17. Ex 1 - Blinken Lights

  18. Ex 2 – T ext in Notepad

  19. Ex 3 - Fakeupdate

  20. Ex 4 – Web deploy

  21. Ex 5 - Random Number Gen · Don’t use in anger!

  22. Ex 6 – Rubber Ducky Payload

  23. Questions? CONTACT: usb@php-systems.com License statement goes here. Creative Commons licenses are good.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
A Cache Poisoning Attack Targeting DNS Forwarding Devices Xiaofeng Zheng , Chaoyi Lu, Jian Peng,

A Cache Poisoning Attack Targeting DNS Forwarding Devices Xiaofeng Zheng , Chaoyi Lu, Jian Peng,

Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices Xiaofeng Zheng , Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan and Zhiyun Qian DNS Forwarder Devices

593 views • 20 slides
Attack vectors on mobile devices Tam Hanna aka @tamhanna About /me Tam HANNA

Attack vectors on mobile devices Tam Hanna aka @tamhanna About /me Tam HANNA

Attack vectors on mobile devices Tam Hanna aka @tamhanna About /me Tam HANNA CEO, Tamoggemon Ltd. Runs web sites about mobile computing Starting thoughts Different user perceptions Mobile phones are always on the

923 views • 74 slides
WAMOS 2018 Common Attack Vectors of IoT Devices 09.08.2018 Alexios Karagiozidis Motivation

WAMOS 2018 Common Attack Vectors of IoT Devices 09.08.2018 Alexios Karagiozidis Motivation

WAMOS 2018 Common Attack Vectors of IoT Devices 09.08.2018 Alexios Karagiozidis Motivation Botnetworks and Internet attacks increased rapidly Examples of security issues: Mirai-Bot-Network CVE-2018-10967, bufferoverflow via

848 views • 27 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Dropping legacy devices in Qemu Gabriel Laskar <gabriel@lse.epita.fr> Why do we need a

Dropping legacy devices in Qemu Gabriel Laskar <gabriel@lse.epita.fr> Why do we need a

Dropping legacy devices in Qemu Gabriel Laskar <gabriel@lse.epita.fr> Why do we need a smaller VM? Reduced boot time Smaller attack surface Performances Why not? ISA Devices On a fixed io address (non discoverable, no

418 views • 12 slides
Cohesive Devices Cohesive devices Cohesive devices are like

Cohesive Devices Cohesive devices Cohesive devices are like

Cohesive Devices Cohesive devices Cohesive devices are like road signs. They keep the text running smoothly , making it clear which direc8on to

431 views • 7 slides
ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

440 views • 11 slides
Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know. Current biological diagnostics are very effective at identifying agents, but theyre slow. We already have an infrastruc- ture in place to

233 views • 8 slides
ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack & GOT Overwrite Attack Dr. Si Chen (schen@wcupa.edu) Review Page 2 ret2libc Attack Page 3 libc C standard library Provides

662 views • 36 slides
in Mixed-Signal IoT Devices Dennis R. E. Gnad, Jonas Krautter, Mehdi B. Tahoori I NSTITUT FR T

in Mixed-Signal IoT Devices Dennis R. E. Gnad, Jonas Krautter, Mehdi B. Tahoori I NSTITUT FR T

Leaky Noise: New Side-Channel Attack Vectors in Mixed-Signal IoT Devices Dennis R. E. Gnad, Jonas Krautter, Mehdi B. Tahoori I NSTITUT FR T ECHNISCHE I NFORMATIK C HAIR OF D EPENDABLE N ANO C OMPUTING KIT University of the State of

480 views • 36 slides
ASSISTIVE DEVICES ASSISTIVE DEVICES & RELAY SERVICES Communications & Alert Devices

ASSISTIVE DEVICES ASSISTIVE DEVICES & RELAY SERVICES Communications & Alert Devices

ASSISTIVE DEVICES ASSISTIVE DEVICES & RELAY SERVICES Communications & Alert Devices Flashing lights for doorbells & fire alarms, etc. Scrolling text & text inputs on g p shelter intercoms Vibrate for baby crying, etc.

251 views • 11 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler

A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler

A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler Federal Office for Information Security (BSI), Germany Lausanne, September 7, 2009 Outline r Introduction and Motivation r The Attack r Basic attack

514 views • 25 slides
Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed Abdelraheem, Huda AlKhzaimi, and Erik Zenner DTU Mathematics

598 views • 37 slides
Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack Summary : The attack was severe and sophisticated; categorized as a catastrophic attack. It was highly strategic with regard to timing

329 views • 16 slides
Readings for the Next Lectures Clark, Gregory (2008), A Farewell to Alms , excerpt from Chapter 3

Readings for the Next Lectures Clark, Gregory (2008), A Farewell to Alms , excerpt from Chapter 3

Readings for the Next Lectures Clark, Gregory (2008), A Farewell to Alms , excerpt from Chapter 3 Steckel, Richard (2008), Biological Measures of the Standard of Living, Journal of Economic Perspectives Bocquet-Appel, Jean-Pierre (2011),

948 views • 61 slides
CACTI CUSTOMISATION 11 th TF-NOC Meeting - Madrid Richard P.J. Sanigar 21/10/2014 Creating the

CACTI CUSTOMISATION 11 th TF-NOC Meeting - Madrid Richard P.J. Sanigar 21/10/2014 Creating the

Serving European NRENs Serving European NRENs CACTI CUSTOMISATION 11 th TF-NOC Meeting - Madrid Richard P.J. Sanigar 21/10/2014 Creating the global research village Cacti Customisation Serving European NRENs Serving European

366 views • 10 slides
100% Big Data 0% Hadoop 0% Java Pavlo Baron, codecentric AG Wednesday, December 5, 12

100% Big Data 0% Hadoop 0% Java Pavlo Baron, codecentric AG Wednesday, December 5, 12

100% Big Data 0% Hadoop 0% Java Pavlo Baron, codecentric AG Wednesday, December 5, 12 pavlo.baron@codecentric.de @pavlobaron github.com/pavlobaron Wednesday, December 5, 12 So here is the short story... Wednesday, December 5, 12 sitting

1.25k views • 65 slides
Emerging Languages in the Enterprise Ola Bini ola.bini@gmail.com http://olabini.com/blog

Emerging Languages in the Enterprise Ola Bini ola.bini@gmail.com http://olabini.com/blog

Emerging Languages in the Enterprise Ola Bini ola.bini@gmail.com http://olabini.com/blog Enterprise Types Business processes Integration Database SOA Legacy systems Web applications Requirements Latency, Scaling, QoS Tools

389 views • 15 slides
IETF 82 Cullen Jennings 1 1 2 Yes, we can do interactive voice and video today, but its

IETF 82 Cullen Jennings 1 1 2 Yes, we can do interactive voice and video today, but its

IETF 82 Cullen Jennings 1 1 2 Yes, we can do interactive voice and video today, but its Proprietary, no interoperability Dependant on 3 rd Party Browser plug-ins or add-ons Not easy to deploy 3 Web storefronts offer

600 views • 13 slides
Lecture 2: Introduction to Segmentation Jonathan Krause Fei-Fei Li, Jonathan Krause Lecture 2 -

Lecture 2: Introduction to Segmentation Jonathan Krause Fei-Fei Li, Jonathan Krause Lecture 2 -

Lecture 2: Introduction to Segmentation Jonathan Krause Fei-Fei Li, Jonathan Krause Lecture 2 - 1 Goal Goal: Identify groups of pixels that go together image credit: Steve Seitz, Kristen Grauman Fei-Fei Li, Jonathan Krause Lecture 2 - 2

1.12k views • 70 slides
CS 1666 www.cs.pitt.edu/~nlf4/cs1666/ Introduction to SDL and 2D computer graphics Graphics

CS 1666 www.cs.pitt.edu/~nlf4/cs1666/ Introduction to SDL and 2D computer graphics Graphics

CS 1666 www.cs.pitt.edu/~nlf4/cs1666/ Introduction to SDL and 2D computer graphics Graphics history: Whirlwind/SAGE First real-time computer display 1950's, MIT/US Government development Used as an air defense system into the 1980's

464 views • 22 slides
Pixelwise classification for music document analysis Jorge Calvo-Zaragoza Center for

Pixelwise classification for music document analysis Jorge Calvo-Zaragoza Center for

Pixelwise classification for music document analysis Jorge Calvo-Zaragoza Center for Interdisciplinary Research in Music Media and Technology Schulich School of Music McGill University, Montr eal (Canada) SIMSSA Workshop XII (Aug 2017) 1 /

468 views • 42 slides

More recommend