Attacking The USB Vector

•

0 likes•1,007 views

The following presentation explores the ability to attack the USB vector using USB toolkits and HID devices. The presentation also looks at what is necessary to defend against these attacks

Technology

Quick Scope
● Information given with an emphasis on Windows 7
● Presentation will focus on USB attacks and
countermeasures
● Presentation will cover countermeasures tailored to USB
defense, rather than all potential defenses

Basic USB Process
● Device connected
● Address designation
● Descriptors read
● Configurations established
● Device is ready for use

USB Attacks
● USB Toolkit
● HID USB Devices

USB Toolkits (USB Attacks)
● Easy To Use
● Modular
● Versatile
● Not Always Easily Detectable

USB Toolkits (USB Attacks cont.)
● Hacksaw
– Easy to set up
– Modular
– Most successful versions rely on U3 technology
● Katana
– Offers bootable OS

HID Devices (USB Attacks)
● Abuse the trust relationship between human and
machine
● Devices that rely on input device emulation
● Allows keyboard input at faster rates than humans
● Attacks generally work on anything with a USB port that
takes in input

HID Devices (USB Attacks)
● USB Rubber Ducky
– Open Source
– Configurable
– Offers opportunity to alter firmware to modify device
functionality
– Anything that can be done from a keyboard, can be
emulated by this device

Notable USB Malware
● Stuxnet
– Propagates mainly via USB
– Avoids network traffic
– Updates and acts via C&C
– Infects intelligently
– Made to infect SCADA and Windows systems using
zero day exploits (at least 4)
– Modified behavior based on AV vendors

Countermeasures
● Security Policy
● Personnel
● Physical
● Firmware
● Software
● System Policy
● Host/Network Specific

Security Policy (Countermeasure)
● Who is allowed where
● Where USB devices are allowed/disallowed
● Specifications on what USB devices may be used
● Company provided USB drives

Personnel (Countermeasure)
● EDUCATION!!!
– Don't use dropped USB drives. TURN THEM IN!
– Don't use admin account when unnecessary
– If you're not using your computer, lock it!
– Use a password
– Educate why ALL of these things are important!

Physical (Countermeasure)
● Critical machines should
be in a locked and
monitored environment
● Personnel to ensure
device tampering doesn't
happen
● USB Port Locks
● Chassis Lock

Firmware (Countermeasure)
● Password Firmware
Access
● Lower USB on the Boot
Order

Firmware (Countermeasure)
● Disable USB If It Is Not
Needed

Firmware (Countermeasure)
● Chassis Intrusion
Detection

Software (Countermeasure)
● AV
– Password the AV where possible
● USB port scan software

Policy (Countermeasure)
● Disable Autorun for all
● Enforce UAC
● Whitelisting/Blacklisting
● Autorun.inf parsing

Host/Network Specific
(Countermeasures)
● Network AV
● Firewalls
● HIDS/HIPS

Ecology based Countermeasures
● Military and Government Computers
● Enterprise Based Computers
● Public Computers
● Personal Computers

After Thoughts
● Security of Whitelisting: how secure is it?
● AV vs. Custom Malware
● Countermeasure effectiveness vs. convenience
● USB Banning vs. restricting
● How to spread this knowledge to those who don't know it
is needed?
● Is it possible to stop an attack, even with these
countermeasures in an espionage-prone environment?

Similar to Attacking The USB Vector

Hacking and Forensics on the Go - 44CON 2012

44CON

wanna be h4ck3r !

Eslam El Husseiny

Embedded Linux Systems Basics

Max Henery

This presentation talks about OWASP Mobile Risk M2 i.e. Insecure Data Storage. The agenda of the presentation is to understand the Data Storage and effect of insecure data storage. Then it also had demo's of known insecure data storage flaws. Methods to identify this flaw and various precautions that a developer should take to prevent this flaw. The presentation was done as part of null/OWASP/G4H Monthly Meet

Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014

Anant Shrivastava

Microcontrollers as an emerging attack platform: Offense and Defense. Presentation was given at Philadelphia Region Electronic Crimes Task Force. Presentation is intended to provide an overview of the new and emerging technologies that can be used to circumvent traditional anti-virus and malware detection software. Discussed techniques can also be used as a method for covert data exfiltration.

Microcontroller mayhem - ECTF & USSS 2011

warezjoe

Fear and Loathing on your Desk: BadUSB, and what you should do about it Presented at Kiwicon 9, 10-11 December 2015, Wellington New Zealand. For over 15 years USB has been the universal computing peripheral interface. In simpler times the host computer and the USB device trusted each other, and so USB implementations historically placed little emphasis on security issues. But what if malicious firmware were loaded into a USB device? How can you protect yourself from BadUSB? This talk will review public implementations of BadUSB, and (the distinct lack of) available defensive techniques. A hardware gadget will then be presented to make most of your problems...disappear.

BadUSB, and what you should do about it

robertfisk

Embedded device security is an issue of global importance, and one that has grown exponentially over the last few years. Because of their slow patch cycles and the increasing difficulty of exploiting other,more traditional platforms, they have quickly become a favorite target for researchers and attackers alike. While deeply fragmented, each country has its own unique “footprint” of these devices on the Internet, based largely on the embedded devices distributed by major ISPs. We will use our survey of Japanese devices as an example of how, by fingerprinting and examining popular devices on a given country's networks, it is possible for an attacker to very quickly go from zero knowledge to widespread remote code execution. During this talk, we provide an in-depth analysis of various routers and modems provided by popular Japanese ISPs, devices which we had never heard of on networks we had never used . We discuss how we approached surveying approximate market usage, reverse engineering obfuscated and encrypted firmware images, performing vulnerability analysis on the recovered binaries, and developing of proof-of-concept exploits for discovered vulnerabilities, all from the United States. In addition, we provide recommendations as to how ISPs and countries might begin to address the serious problems introduced by these small but important pieces of the Internet. All vulnerabilities discovered were promptly and responsibly disclosed to affected parties.

CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...

CODE BLUE

The Deck by Phil Polstra GrrCON2012

Philip Polstra

CISSP Week 14

jemtallon

ELC_NA-2015-AFT_for_CI-Igor.Stoppa

Igor Stoppa

Endpoint Security Shifting Paradigms 5

tafinley

Introduction to Firmware

Caroline Murphy

Day1 ubuntu boot camp

Darlene Parker

Lecture 7 - Security

Alexandru Radovici

Infrastructure Security

UTD Computer Security Group

Usb Control

tafinley

Cloud Security with LibVMI

Tamas K Lengyel

Session presented in the Combined [nullDelhi + OWASPDelhi] webinar on 7th July. Watch the webinar here - https://youtu.be/BQWcUjzxJE0 Have you been wondering about how to start in mobile application security, more specifically iOS/Android application security? In this talk, I will try to answer some of the most common questions about getting started in mobile application security testing. Starting from what platform to choose, where to learn, good resources, hardware requirements etc etc. Will also demo you about Mobexler - A Mobile Application Penetration Testing Platform and how you can use it for pentesting of iOS as well as android apps. This talk will be a mix of some demo, and some knowledge.

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources

OWASP Delhi

Getting started with hacking android & i os apps tools, techniques and re...

n|u - The Open Security Community

Web application security and why you should review yours, is a whole stack look skydive without a parachute, let's try not to die as we explore what is an attack surface, Arcronym hell, Vulnerability naming, Detection or provention is there a place for both or none, emerging oss technologies which can help you, a firehose review of compromises 2014 through 2018, and finally a live compromise demo covering everything we've discussed as being 'bad' ... or as often happens the backup video.

Ple18 web-security-david-busby

David Busby, CISSP

Similar to Attacking The USB Vector (20)

Hacking and Forensics on the Go - 44CON 2012

wanna be h4ck3r !

Embedded Linux Systems Basics

Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014

Microcontroller mayhem - ECTF & USSS 2011

BadUSB, and what you should do about it

CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...

The Deck by Phil Polstra GrrCON2012

CISSP Week 14

ELC_NA-2015-AFT_for_CI-Igor.Stoppa

Endpoint Security Shifting Paradigms 5

Introduction to Firmware

Day1 ubuntu boot camp

Lecture 7 - Security

Infrastructure Security

Usb Control

Cloud Security with LibVMI

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources

Getting started with hacking android & i os apps tools, techniques and re...

Ple18 web-security-david-busby

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

DBX First Quarter 2024 Investor Presentation

Dropbox

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Architecting Cloud Native Applications

WSO2

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Apidays New York 2024 - The value of a flexible API Management solution for O...

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Manulife - Insurer Transformation Award 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Corporate and higher education May webinar.pptx

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

DBX First Quarter 2024 Investor Presentation

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

MS Copilot expands with MS Graph connectors

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Strategies for Landing an Oracle DBA Job as a Fresher

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

presentation ICT roal in 21st century education

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Architecting Cloud Native Applications

Attacking The USB Vector

1. Attacking the USB Vector Brandon Greene

2. Quick Scope ● Information given with an emphasis on Windows 7 ● Presentation will focus on USB attacks and countermeasures ● Presentation will cover countermeasures tailored to USB defense, rather than all potential defenses

3. Basic USB Process ● Device connected ● Address designation ● Descriptors read ● Configurations established ● Device is ready for use

4. USB Attacks ● USB Toolkit ● HID USB Devices

5. USB Toolkits (USB Attacks) ● Easy To Use ● Modular ● Versatile ● Not Always Easily Detectable

6. USB Toolkits (USB Attacks cont.) ● Hacksaw – Easy to set up – Modular – Most successful versions rely on U3 technology ● Katana – Offers bootable OS

7. HID Devices (USB Attacks) ● Abuse the trust relationship between human and machine ● Devices that rely on input device emulation ● Allows keyboard input at faster rates than humans ● Attacks generally work on anything with a USB port that takes in input

8. HID Devices (USB Attacks) ● USB Rubber Ducky – Open Source – Configurable – Offers opportunity to alter firmware to modify device functionality – Anything that can be done from a keyboard, can be emulated by this device

9. Attack Device Demo

10. Notable USB Malware ● Stuxnet – Propagates mainly via USB – Avoids network traffic – Updates and acts via C&C – Infects intelligently – Made to infect SCADA and Windows systems using zero day exploits (at least 4) – Modified behavior based on AV vendors

11. Countermeasures ● Security Policy ● Personnel ● Physical ● Firmware ● Software ● System Policy ● Host/Network Specific

12. Security Policy (Countermeasure) ● Who is allowed where ● Where USB devices are allowed/disallowed ● Specifications on what USB devices may be used ● Company provided USB drives

13. Personnel (Countermeasure) ● EDUCATION!!! – Don't use dropped USB drives. TURN THEM IN! – Don't use admin account when unnecessary – If you're not using your computer, lock it! – Use a password – Educate why ALL of these things are important!

14. Physical (Countermeasure) ● Critical machines should be in a locked and monitored environment ● Personnel to ensure device tampering doesn't happen ● USB Port Locks ● Chassis Lock

15. Firmware (Countermeasure) ● Password Firmware Access ● Lower USB on the Boot Order

16. Firmware (Countermeasure) ● Disable USB If It Is Not Needed

17. Firmware (Countermeasure) ● Chassis Intrusion Detection

18. Software (Countermeasure) ● AV – Password the AV where possible ● USB port scan software

19. Policy (Countermeasure) ● Disable Autorun for all ● Enforce UAC ● Whitelisting/Blacklisting ● Autorun.inf parsing

20. Host/Network Specific (Countermeasures) ● Network AV ● Firewalls ● HIDS/HIPS

21. Ecology based Countermeasures ● Military and Government Computers ● Enterprise Based Computers ● Public Computers ● Personal Computers

22. After Thoughts ● Security of Whitelisting: how secure is it? ● AV vs. Custom Malware ● Countermeasure effectiveness vs. convenience ● USB Banning vs. restricting ● How to spread this knowledge to those who don't know it is needed? ● Is it possible to stop an attack, even with these countermeasures in an espionage-prone environment?

23. Why Should You Care?

Attacking The USB Vector

Recommended

Recommended

More Related Content

Similar to Attacking The USB Vector

Similar to Attacking The USB Vector (20)

Recently uploaded

Recently uploaded (20)

Attacking The USB Vector