Collaborate Disseminate
From what I’ve seen, USB-based attacks such as RubberDucky need to be able to open a terminal and then execute commands from there, usually to download and then install malware or to open a reverse shell.
Is this how most, if not all USB-… Continue reading Are all USB-based attacks dependent on being able to inject keystrokes?
There is a requirement for an unattended, publicly-accessible machine that I have to only allow company-approved USB devices (e.g., USB mass storage, keyboard, mouse, Bluetooth, etc.,) and block all the rest (non-approved).
Even though PI… Continue reading Secure USB (unique identifier)
I am wondering where the firmware / driver is stored on these devices? If it cannot be used as a storage device, how could it possibly store any firmware for itself?
How could I access these “files”? I cannot access the driv… Continue reading Where are the drivers stored on usb receivers?
So I recently ordered a chinese external USB card and I would like to find out whether it has some hidden functionality, which might become malicious. It has buttons integrated in it so Linux using libusb -vv displays it of h… Continue reading How to analyze a USB device of having possibly malicious capabilities?
I am trying to understand what generic risks are there in using my thumb drive to transfer files to some untrusted machine and plugging it back to my Windows device. Specifically I am interested in generic threats when I plug… Continue reading What are the main attack vectors on USB storage drives on Windows 10?
There’s long been much handwringing around Halloween around the prospect of pins, needles and razor blades being hidden in candy and passed out to children. On the very rare occasion this does happen, the outcome is normally little more than some superficial cuts. However, for 2019, [MG] has developed an …read more
Continue reading Check Your Halloween Candy For Malicious Payloads
Lot of posts about badUSB (here and there) suggest to use a PS/2 connector for mouse and keyboard or to whitelisted USB devices or even use a hardware firewall that only allows whitelisted commands.
The purpose is to protect the usb devic… Continue reading Non-upgradable usb device against badUSB
Are internal components vulnerable to BadUSB? Say you have a laptop. Even if you don’t use any USB devices (like mice and keyboard), if the laptop has internal components that connect through USB (like a webcam and fingerprint reader) coul… Continue reading Consequence of BadUSB and laptops?
I’ve got two Kingston DataTraveler 100 G3s, each with 32GB capacity. I checked their controllers and both have the Phison 2309 controllers in them. I’ve tried Googling around to check if the PS2309 controllers are also susceptible to the B… Continue reading Phison 2309 susceptible to Bad USB?
Vishwanath Akuthota didn’t make it hard for authorities to prove that he was the person who destroyed $58,000 worth of college equipment using a USB stick.
Read more in my article on the Tripwire State of Security blog.
Continue reading Man fried over 50 college computers with weaponized USB stick