Collaborate Disseminate
Issue with Digispark Driver Installation
I recently acquired a Digispark from this source. Upon attempting to connect it to my Windows 11 laptop, I noticed that the device initially lights up green, but after about five seconds, the red li… Continue reading Trouble in setting up rubberducky clone [migrated]
Assuming a threat actor would not have a huge amount of resources or is a script kiddie (he could not write a 0-day but he could buy a rubber ducky); in a Windows 10 environment, if the workstation is fully patched, would disabling USB dat… Continue reading Is disabling USB data transfers still useful to protect a patched W10/11 workstation?
OpenWrt announced a problem in opkg, their super-lightweight package manager. OpenWrt’s target hardware, routers, make for an interesting security challenge. A Linux install that fits in just 4 MB of flash memory is a minor miracle in itself, and many compromises had to be made. In this case, we’re interested …read more
Continue reading This Week in Security: OpenWrt, ZOOM, and Systemd
No it’s not an open source version of Bert’s favorite bathtime toy (though seriously, let us know if you see one), the PocketAdmin by [Radik Bechmetov] is intended to be an alternative to the well-known “USB Rubber Ducky” penetration testing tool from Hak5. It might look like a standard USB …read more
The USB Rubber Ducky burst onto the scene a few years ago, and invented a new attack vector – keystroke injection. The malicious USB device presents itself as a keyboard to the target system, blurting out keystrokes at up to 1000 words per minute. The device is typically used to open a phishing site or otherwise enter commands to exfiltrate data from the victim. Now things have stepped up a notch, with ESPloitV2 – a WiFi-enabled take on the same concept.
Running on the Cactus WHID platform, the device is so named for the ESP12 WiFi microcontroller it employs, along …read more
Continue reading A Malicious WiFi Backdoor In A Keyboard’s Clothing
For Hackaday readers who might not spend their free time spinning electronic beats at raves, the Launchpad by Novation is a popular peripheral for creating digital music with tools such as Ableton Live. It’s 8×8 grid of RGB LED backlit buttons are used to trigger different beats and clips by sending MIDI commands to the computer over USB. While not a strict requirement for performing digital music, it also helps that it looks like you’re flying a spaceship when using it.
It’s definitely a slick piece of gear, but the limited stock functionality means you’re unlikely to see one outside …read more
Continue reading Launchpad MIDI Controller Put to Work with Python
The “Rubber Ducky” by Hak5 is a very powerful tool that lets the user perform rapid keystroke injection attacks, which is basically a fancy way of saying the device can type fast. Capable of entering text at over 1000 WPM, Mavis Beacon’s got nothing on this $45 gadget. Within just a few seconds of plugging it in, a properly programmed script can do all sorts of damage. Just think of all the havoc that can be caused by an attacker typing in commands on the local machine, and now image they are also the Flash.
But unless you’re a professional …read more
Continue reading DIY Rubber Ducky is as Cheap as its Namesake
We were lucky enough to get our hands on a hand-soldered prototype of the new Hacker Warehouse badge, and boy is this one a treat. It’s fashionable, it’s blinky, and most impressively, it’s a very useful tool. This badge can replace the Google Authenticator two factor authentication app on your phone, and it’s a USB Rubber Ducky. It’s also a badge. Is this the year badges become useful? Check out the video below to find out more.
This is the time of year when hardware hackers from all across North America are busy working on the demoscene of hardware and …read more
Continue reading A Sneak Preview Of The Hacker Warehouse Badge
J0hn_D0ugh$ – So there I was once again enjoying my victory. I wasn’t technically done yet, however all of the hard stuff had already been done. I’m not a hacker just for the money. I’ve made enough of that already. Such is the … Continue reading The Modern Day Hacker – A Cautionary Tale
Many of us use a 4 digit pin code to lock our phones. [David Randolph] over at Hak5 has come up a simple way to use a 3D printer to brute force these passwords. Just about every 3D printer out there speaks the same language, G-code. The same language used in CAD and CNC machines for decades.
[David] placed a numeric keypad on the bed of his printer. He then mapped out the height and positions of each key. Once he knew the absolute positions of the keys, it was easy to tell the printer to move to a key, …read more
