SlideShare a Scribd company logo

USB Hacking - LearnDay@Xoxzo #11

Xoxzo Inc.
Xoxzo Inc.

LearnDay@Xoxzo is a monthly online seminar initiated by the Xoxzo team. We will have speakers from the team or guest speakers which will talk for 20 minutes each, on a subject of their choosing. USB Hacking by Josef. XOXZO Learn day #11 2019/07/26 ====================== We have recorded sessions of our previous LearnDay here: https://www.youtube.com/channel/UCiV-bQprArQxKBSzaKY1vQg For updates and news on our future LearnDays, follow us on Twitter (https://twitter.com/xoxzocom/) or sign up for our Exchange Newsletter (https://info.xoxzo.com/en/exchange-mailing-list/)

Technology
1 of 28
Download to read offline
USB Hacking Josef Monje 2019.07.26 • LearnDay #11
Once upon a time There was a worm named Conficker. It was first detected in 2008. It infected a millions of computers and enjoyed a lot of media attention. Its second variant added the ability to spread via USB, exploiting Windows AutoRun. 20XX 20XX 20XX 20XX Infect lots of compu ters
The USB Port How to identify USB? What kinds of device? Characteristics of USB?
Receptacles Thank you, Wikipedia
Device Classes Unspecified Audio Communications and CDC Control Human interface device (HID) Physical Interface Device (PID) Image (PTP/MTP) Printer Mass storage (MSC or UMS) USB hub CDC-Data Smart Card Content security Video Personal healthcare Audio/Video (AV) Billboard Diagnostic Device Wireless Controller Miscellaneous Application-specific Vendor-specific Thank you, Wikipedia
Objectives Standardized connections Self-configuring Hot-pluggable Data Power Thank you, Wikipedia
Thank you, Wikipedia Inside a USB flash drive
Development of USB Attacks Early stage Middle stage Late stage Timeline
2007 Adoption of Arduino and microcontrollers August 2007 10,000 Arduino boards in existence Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
2009 Exploring attacks on USB protocol, Fuzzing USB drivers using a microcontroller August 2009 DEFCON 17: USB Attacks: Fun with Plug & Own Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
2010 What if this pranking toy was programmable? August 2010 DEFCON 18: Programmable HID USB Keystroke Dongle (Teensy) Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
2011 More and more people were demonstrating ways to exploit how USB works to defeat security products using microcontrollers... July/August 2011 Black Hat: Exploiting USB Devices using Arduino Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
2012 … and hardware was developed to demonstrate attacks, improve research and become defining products of the category July 2012 DEFCON 20: Bypassing Endpoint Security for $20 or Less Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec February 2012 Raspberry Pi July 2012 Facedancer USB Rubber Ducky February 2012
2014 USB attacks officially get a name, people start demonstrating complex attacks Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec September 2014 Kali NetHunter August 2014 Black Hat: BadUSB- On Accessories that Turn Evil December 2014 USBDriveby
2015 From “how do you break this?”, to “how far can you take this?”, new USB attack appears Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec August 2015 DEFCON 23: USB Attack to Decrypt Wi Fi Communications October 2015 USB Killer 2.0 November 2015 Pi Zero Gadget mode works
USB Killer vs...
Linux Gadget Module
2016 Big platform integrates functionality, commercial product becomes DIY, attacks use multiple device classes Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec January 2016 NetHunter integrates BadUSB May 2016 DIY USB Rubber Ducky November 2016 PoisonTap August 2016 Mr. Robot episode
2017 Products evolve, miniaturization, customizable platforms Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec March 2017 Bash Bunny April 2017 MalDuino February 2017 P4wnP1
Why I prefer P4wnP1...
2018 DIY your own USB attack, products for everybody, it’s already mainstream Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec April 2018 P4wnP1 a.l.o.a. August 2018 Malware-Infected USB Cables And more
YouTube search results
YouTube search results
2005 In fact, some research was already done but microcontrollers weren’t yet a thing Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec July 2005 Black Hat - Plug and Root, the USB Key to the Kingdom
Figured out in 2005... Except it was uploaded in 2013

Recommended

Alpsp Web 2 Intro
Alpsp Web 2 IntroAlpsp Web 2 Intro
Alpsp Web 2 IntroDavid Smith
 
Herding Cats: Governance in Free and Open Source Software
Herding Cats: Governance in Free and Open Source SoftwareHerding Cats: Governance in Free and Open Source Software
Herding Cats: Governance in Free and Open Source SoftwareSameer Verma
 
The Underground battles over the future of the Internet, and what You can do.
The Underground battles over the future of the Internet, and what You can do.The Underground battles over the future of the Internet, and what You can do.
The Underground battles over the future of the Internet, and what You can do.BarCamp Lithuania
 
USB Defender Overview
USB Defender OverviewUSB Defender Overview
USB Defender OverviewStraff Wentworth
 
Android technology sunny
Android technology sunnyAndroid technology sunny
Android technology sunnySunny Yadav
 
Deepak Pathak's PPT
Deepak Pathak's PPTDeepak Pathak's PPT
Deepak Pathak's PPTdeepak pathak
 
What is Android Mobile Phone?
What is Android Mobile Phone?What is Android Mobile Phone?
What is Android Mobile Phone?payalseosmo
 
android -1263.pptx
android -1263.pptxandroid -1263.pptx
android -1263.pptxssuser079000
 

Recommended

Alpsp Web 2 Intro
Alpsp Web 2 IntroAlpsp Web 2 Intro
Alpsp Web 2 IntroDavid Smith
 
Herding Cats: Governance in Free and Open Source Software
Herding Cats: Governance in Free and Open Source SoftwareHerding Cats: Governance in Free and Open Source Software
Herding Cats: Governance in Free and Open Source SoftwareSameer Verma
 
The Underground battles over the future of the Internet, and what You can do.
The Underground battles over the future of the Internet, and what You can do.The Underground battles over the future of the Internet, and what You can do.
The Underground battles over the future of the Internet, and what You can do.BarCamp Lithuania
 
USB Defender Overview
USB Defender OverviewUSB Defender Overview
USB Defender OverviewStraff Wentworth
 
Android technology sunny
Android technology sunnyAndroid technology sunny
Android technology sunnySunny Yadav
 
Deepak Pathak's PPT
Deepak Pathak's PPTDeepak Pathak's PPT
Deepak Pathak's PPTdeepak pathak
 
What is Android Mobile Phone?
What is Android Mobile Phone?What is Android Mobile Phone?
What is Android Mobile Phone?payalseosmo
 
android -1263.pptx
android -1263.pptxandroid -1263.pptx
android -1263.pptxssuser079000
 
ppt on Android os- vinit
ppt on Android os- vinitppt on Android os- vinit
ppt on Android os- vinitVipul Pratap Singh
 
Android os by jje
Android os by jjeAndroid os by jje
Android os by jjeJefin Joseph
 
Decline Of Apple Essay
Decline Of Apple EssayDecline Of Apple Essay
Decline Of Apple EssayJamie Boyd
 
Google Android
Google AndroidGoogle Android
Google AndroidR. Purwedi Darminto
 
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...Beat Signer
 
Android technology
Android technologyAndroid technology
Android technologytrainingNCR
 
Android technology
Android technologyAndroid technology
Android technologytrainingNCR
 
Android operating system
Android operating systemAndroid operating system
Android operating systemBirju Tank
 
Android technology (1)
Android technology (1)Android technology (1)
Android technology (1)JangamNandini6649
 
A ROA for the WOT
A ROA for the WOTA ROA for the WOT
A ROA for the WOTDominique Guinard
 
Saminar ppt of
Saminar ppt ofSaminar ppt of
Saminar ppt ofSuraj Rajput
 
Android technology
Android technologyAndroid technology
Android technologyFaiz Khan
 
Android
AndroidAndroid
AndroidMegalaRamasamy
 
Vskills raspberry pi professional sample material
Vskills raspberry pi professional sample materialVskills raspberry pi professional sample material
Vskills raspberry pi professional sample materialVskills
 
Android technology
Android technology Android technology
Android technology yesurajansd
 
Android Technology
Android TechnologyAndroid Technology
Android TechnologyAman Kumar Dutt
 
ppt based on android technology with great animations
ppt based on android technology with great animationsppt based on android technology with great animations
ppt based on android technology with great animationsHriday Garg
 
ANDROID TECHNOLOGY
ANDROID TECHNOLOGYANDROID TECHNOLOGY
ANDROID TECHNOLOGYsathish sak
 
In a word document, write me a short document of Android development.pdf
In a word document, write me a short document of Android development.pdfIn a word document, write me a short document of Android development.pdf
In a word document, write me a short document of Android development.pdffazalenterprises
 
Why android os is most popular in world
Why android os is most popular in worldWhy android os is most popular in world
Why android os is most popular in worldBIPUL KUMAR GUPTA
 
人間のためのpython #stapy68 2021-04-14
人間のためのpython #stapy68 2021-04-14人間のためのpython #stapy68 2021-04-14
人間のためのpython #stapy68 2021-04-14Xoxzo Inc.
 
Goto statement considered harmful - LearnDay@Xoxzo #17
Goto statement considered harmful - LearnDay@Xoxzo #17Goto statement considered harmful - LearnDay@Xoxzo #17
Goto statement considered harmful - LearnDay@Xoxzo #17Xoxzo Inc.
 

More Related Content

Similar to USB Hacking - LearnDay@Xoxzo #11

Decline Of Apple Essay
Decline Of Apple EssayDecline Of Apple Essay
Decline Of Apple EssayJamie Boyd
 
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...Beat Signer
 
Android technology
Android technologyAndroid technology
Android technologytrainingNCR
 
Android technology
Android technologyAndroid technology
Android technologytrainingNCR
 
Android operating system
Android operating systemAndroid operating system
Android operating systemBirju Tank
 
Android technology
Android technologyAndroid technology
Android technologyFaiz Khan
 
Vskills raspberry pi professional sample material
Vskills raspberry pi professional sample materialVskills raspberry pi professional sample material
Vskills raspberry pi professional sample materialVskills
 
Android technology
Android technology Android technology
Android technology yesurajansd
 
ppt based on android technology with great animations
ppt based on android technology with great animationsppt based on android technology with great animations
ppt based on android technology with great animationsHriday Garg
 
ANDROID TECHNOLOGY
ANDROID TECHNOLOGYANDROID TECHNOLOGY
ANDROID TECHNOLOGYsathish sak
 
In a word document, write me a short document of Android development.pdf
In a word document, write me a short document of Android development.pdfIn a word document, write me a short document of Android development.pdf
In a word document, write me a short document of Android development.pdffazalenterprises
 
Why android os is most popular in world
Why android os is most popular in worldWhy android os is most popular in world
Why android os is most popular in worldBIPUL KUMAR GUPTA
 

Similar to USB Hacking - LearnDay@Xoxzo #11 (20)

ppt on Android os- vinit
ppt on Android os- vinitppt on Android os- vinit
ppt on Android os- vinit
 
Android os by jje
Android os by jjeAndroid os by jje
Android os by jje
 
Decline Of Apple Essay
Decline Of Apple EssayDecline Of Apple Essay
Decline Of Apple Essay
 
Google Android
Google AndroidGoogle Android
Google Android
 
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...
Introduction - Lecture 1 - Advanced Topics in Information Systems (WE-DINF-15...
 
Android technology
Android technologyAndroid technology
Android technology
 
Android technology
Android technologyAndroid technology
Android technology
 
Android operating system
Android operating systemAndroid operating system
Android operating system
 
Android technology (1)
Android technology (1)Android technology (1)
Android technology (1)
 
A ROA for the WOT
A ROA for the WOTA ROA for the WOT
A ROA for the WOT
 
Saminar ppt of
Saminar ppt ofSaminar ppt of
Saminar ppt of
 
Android technology
Android technologyAndroid technology
Android technology
 
Android
AndroidAndroid
Android
 
Vskills raspberry pi professional sample material
Vskills raspberry pi professional sample materialVskills raspberry pi professional sample material
Vskills raspberry pi professional sample material
 
Android technology
Android technology Android technology
Android technology
 
Android Technology
Android TechnologyAndroid Technology
Android Technology
 
ppt based on android technology with great animations
ppt based on android technology with great animationsppt based on android technology with great animations
ppt based on android technology with great animations
 
ANDROID TECHNOLOGY
ANDROID TECHNOLOGYANDROID TECHNOLOGY
ANDROID TECHNOLOGY
 
In a word document, write me a short document of Android development.pdf
In a word document, write me a short document of Android development.pdfIn a word document, write me a short document of Android development.pdf
In a word document, write me a short document of Android development.pdf
 
Why android os is most popular in world
Why android os is most popular in worldWhy android os is most popular in world
Why android os is most popular in world
 

More from Xoxzo Inc.

人間のためのpython #stapy68 2021-04-14
人間のためのpython #stapy68 2021-04-14人間のためのpython #stapy68 2021-04-14
人間のためのpython #stapy68 2021-04-14Xoxzo Inc.
 
Goto statement considered harmful - LearnDay@Xoxzo #17
Goto statement considered harmful - LearnDay@Xoxzo #17Goto statement considered harmful - LearnDay@Xoxzo #17
Goto statement considered harmful - LearnDay@Xoxzo #17Xoxzo Inc.
 
A very short history on drunkenness - LearnDay@Xoxzo #14
A very short history on drunkenness - LearnDay@Xoxzo #14A very short history on drunkenness - LearnDay@Xoxzo #14
A very short history on drunkenness - LearnDay@Xoxzo #14Xoxzo Inc.
 
PyCon JP 2019 LT - 「ありがとう」と言おう
PyCon JP 2019 LT - 「ありがとう」と言おうPyCon JP 2019 LT - 「ありがとう」と言おう
PyCon JP 2019 LT - 「ありがとう」と言おうXoxzo Inc.
 
How to run a design sprint - LearnDay@Xoxzo #9
How to run a design sprint - LearnDay@Xoxzo #9How to run a design sprint - LearnDay@Xoxzo #9
How to run a design sprint - LearnDay@Xoxzo #9Xoxzo Inc.
 
Lightning Talk: PyCon Thailand 2019
Lightning Talk: PyCon Thailand 2019Lightning Talk: PyCon Thailand 2019
Lightning Talk: PyCon Thailand 2019Xoxzo Inc.
 
The Culture Map - LearnDay@Xoxzo #8
The Culture Map - LearnDay@Xoxzo #8The Culture Map - LearnDay@Xoxzo #8
The Culture Map - LearnDay@Xoxzo #8Xoxzo Inc.
 
Linear algebra power of abstraction - LearnDay@Xoxzo #5
Linear algebra power of abstraction - LearnDay@Xoxzo #5Linear algebra power of abstraction - LearnDay@Xoxzo #5
Linear algebra power of abstraction - LearnDay@Xoxzo #5Xoxzo Inc.
 
The Takumi Method - LearnDay@Xoxzo #1
The Takumi Method - LearnDay@Xoxzo #1The Takumi Method - LearnDay@Xoxzo #1
The Takumi Method - LearnDay@Xoxzo #1Xoxzo Inc.
 
Django osc2018-okinawa
Django osc2018-okinawaDjango osc2018-okinawa
Django osc2018-okinawaXoxzo Inc.
 
多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門
多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門
多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門Xoxzo Inc.
 
Working in a Fully Remote Organization: Challenges and How We Made it Work - ...
Working in a Fully Remote Organization: Challenges and How We Made it Work - ...Working in a Fully Remote Organization: Challenges and How We Made it Work - ...
Working in a Fully Remote Organization: Challenges and How We Made it Work - ...Xoxzo Inc.
 
JomLaunch 5.0 Sep 2017 by Iqbal Abdullah
JomLaunch 5.0 Sep 2017 by Iqbal AbdullahJomLaunch 5.0 Sep 2017 by Iqbal Abdullah
JomLaunch 5.0 Sep 2017 by Iqbal AbdullahXoxzo Inc.
 
Introduction to Data Analysis
Introduction to Data AnalysisIntroduction to Data Analysis
Introduction to Data AnalysisXoxzo Inc.
 
XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017Xoxzo Inc.
 
初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門Xoxzo Inc.
 
djangoのmigrationはどう動いているか
djangoのmigrationはどう動いているかdjangoのmigrationはどう動いているか
djangoのmigrationはどう動いているかXoxzo Inc.
 
PyCon APAC 2017
PyCon APAC 2017PyCon APAC 2017
PyCon APAC 2017Xoxzo Inc.
 
Pythonの隠れた武器
Pythonの隠れた武器Pythonの隠れた武器
Pythonの隠れた武器Xoxzo Inc.
 
The Secret Weapon Of Python
The Secret Weapon Of PythonThe Secret Weapon Of Python
The Secret Weapon Of PythonXoxzo Inc.
 

More from Xoxzo Inc. (20)

人間のためのpython #stapy68 2021-04-14
人間のためのpython #stapy68 2021-04-14人間のためのpython #stapy68 2021-04-14
人間のためのpython #stapy68 2021-04-14
 
Goto statement considered harmful - LearnDay@Xoxzo #17
Goto statement considered harmful - LearnDay@Xoxzo #17Goto statement considered harmful - LearnDay@Xoxzo #17
Goto statement considered harmful - LearnDay@Xoxzo #17
 
A very short history on drunkenness - LearnDay@Xoxzo #14
A very short history on drunkenness - LearnDay@Xoxzo #14A very short history on drunkenness - LearnDay@Xoxzo #14
A very short history on drunkenness - LearnDay@Xoxzo #14
 
PyCon JP 2019 LT - 「ありがとう」と言おう
PyCon JP 2019 LT - 「ありがとう」と言おうPyCon JP 2019 LT - 「ありがとう」と言おう
PyCon JP 2019 LT - 「ありがとう」と言おう
 
How to run a design sprint - LearnDay@Xoxzo #9
How to run a design sprint - LearnDay@Xoxzo #9How to run a design sprint - LearnDay@Xoxzo #9
How to run a design sprint - LearnDay@Xoxzo #9
 
Lightning Talk: PyCon Thailand 2019
Lightning Talk: PyCon Thailand 2019Lightning Talk: PyCon Thailand 2019
Lightning Talk: PyCon Thailand 2019
 
The Culture Map - LearnDay@Xoxzo #8
The Culture Map - LearnDay@Xoxzo #8The Culture Map - LearnDay@Xoxzo #8
The Culture Map - LearnDay@Xoxzo #8
 
Linear algebra power of abstraction - LearnDay@Xoxzo #5
Linear algebra power of abstraction - LearnDay@Xoxzo #5Linear algebra power of abstraction - LearnDay@Xoxzo #5
Linear algebra power of abstraction - LearnDay@Xoxzo #5
 
The Takumi Method - LearnDay@Xoxzo #1
The Takumi Method - LearnDay@Xoxzo #1The Takumi Method - LearnDay@Xoxzo #1
The Takumi Method - LearnDay@Xoxzo #1
 
Django osc2018-okinawa
Django osc2018-okinawaDjango osc2018-okinawa
Django osc2018-okinawa
 
多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門
多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門
多要素認証やSMSマーケティングを支えるテレフォニーAPI活用入門
 
Working in a Fully Remote Organization: Challenges and How We Made it Work - ...
Working in a Fully Remote Organization: Challenges and How We Made it Work - ...Working in a Fully Remote Organization: Challenges and How We Made it Work - ...
Working in a Fully Remote Organization: Challenges and How We Made it Work - ...
 
JomLaunch 5.0 Sep 2017 by Iqbal Abdullah
JomLaunch 5.0 Sep 2017 by Iqbal AbdullahJomLaunch 5.0 Sep 2017 by Iqbal Abdullah
JomLaunch 5.0 Sep 2017 by Iqbal Abdullah
 
Introduction to Data Analysis
Introduction to Data AnalysisIntroduction to Data Analysis
Introduction to Data Analysis
 
XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017XoxzoテレフォニーAPI入門2017
XoxzoテレフォニーAPI入門2017
 
初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門初心者のためのPythonによるWebAPI活用方入門
初心者のためのPythonによるWebAPI活用方入門
 
djangoのmigrationはどう動いているか
djangoのmigrationはどう動いているかdjangoのmigrationはどう動いているか
djangoのmigrationはどう動いているか
 
PyCon APAC 2017
PyCon APAC 2017PyCon APAC 2017
PyCon APAC 2017
 
Pythonの隠れた武器
Pythonの隠れた武器Pythonの隠れた武器
Pythonの隠れた武器
 
The Secret Weapon Of Python
The Secret Weapon Of PythonThe Secret Weapon Of Python
The Secret Weapon Of Python
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

USB Hacking - LearnDay@Xoxzo #11

  • 2. Once upon a time There was a worm named Conficker. It was first detected in 2008. It infected a millions of computers and enjoyed a lot of media attention. Its second variant added the ability to spread via USB, exploiting Windows AutoRun. 20XX 20XX 20XX 20XX Infect lots of compu ters
  • 3. The USB Port How to identify USB? What kinds of device? Characteristics of USB?
  • 5. Device Classes Unspecified Audio Communications and CDC Control Human interface device (HID) Physical Interface Device (PID) Image (PTP/MTP) Printer Mass storage (MSC or UMS) USB hub CDC-Data Smart Card Content security Video Personal healthcare Audio/Video (AV) Billboard Diagnostic Device Wireless Controller Miscellaneous Application-specific Vendor-specific Thank you, Wikipedia
  • 7. Thank you, Wikipedia Inside a USB flash drive
  • 8. Development of USB Attacks Early stage Middle stage Late stage Timeline
  • 9. 2007 Adoption of Arduino and microcontrollers August 2007 10,000 Arduino boards in existence Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
  • 10. 2009 Exploring attacks on USB protocol, Fuzzing USB drivers using a microcontroller August 2009 DEFCON 17: USB Attacks: Fun with Plug & Own Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
  • 11. 2010 What if this pranking toy was programmable? August 2010 DEFCON 18: Programmable HID USB Keystroke Dongle (Teensy) Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
  • 12. 2011 More and more people were demonstrating ways to exploit how USB works to defeat security products using microcontrollers... July/August 2011 Black Hat: Exploiting USB Devices using Arduino Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
  • 13. 2012 … and hardware was developed to demonstrate attacks, improve research and become defining products of the category July 2012 DEFCON 20: Bypassing Endpoint Security for $20 or Less Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec February 2012 Raspberry Pi July 2012 Facedancer USB Rubber Ducky February 2012
  • 14.
  • 15. 2014 USB attacks officially get a name, people start demonstrating complex attacks Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec September 2014 Kali NetHunter August 2014 Black Hat: BadUSB- On Accessories that Turn Evil December 2014 USBDriveby
  • 16. 2015 From “how do you break this?”, to “how far can you take this?”, new USB attack appears Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec August 2015 DEFCON 23: USB Attack to Decrypt Wi Fi Communications October 2015 USB Killer 2.0 November 2015 Pi Zero Gadget mode works
  • 19. 2016 Big platform integrates functionality, commercial product becomes DIY, attacks use multiple device classes Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec January 2016 NetHunter integrates BadUSB May 2016 DIY USB Rubber Ducky November 2016 PoisonTap August 2016 Mr. Robot episode
  • 20.
  • 21. 2017 Products evolve, miniaturization, customizable platforms Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec March 2017 Bash Bunny April 2017 MalDuino February 2017 P4wnP1
  • 22.
  • 24. 2018 DIY your own USB attack, products for everybody, it’s already mainstream Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec April 2018 P4wnP1 a.l.o.a. August 2018 Malware-Infected USB Cables And more
  • 27. 2005 In fact, some research was already done but microcontrollers weren’t yet a thing Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec July 2005 Black Hat - Plug and Root, the USB Key to the Kingdom
  • 28. Figured out in 2005... Except it was uploaded in 2013