USB Rubber Ducky – Part 2: Attack of the HID

Background The USB Rubber Ducky was introduced in our previous post “The Return of USB Auto-Run Attacks“.  This is the first of many follow-ups, that introduce new attack scenarios and the increase in functionality, that really makes this tiny device a big part of the hearts of penetration testers. Brute-force attacks…

The Return of USB “Auto-Run” Attacks

Background USB Autorun attacks became the rage back in 2005.  Hak5 created a project to increase awareness of this security issue called USB-Hacksaw, originally a U3 device that would auto-run a series of programs.  This could be used from general system administration tasks, or potential malicious tasks; such as installing back-doors and running password collection programs.  Shortly, Vendors like Microsoft started to remove Auto-run capabilities to prevent more serious malware…