USB Rubber Ducky – Part 3: Crypto Duck

Background The USB Rubber Ducky is an extremely powerful and versatile device.  Sadly, the potential is missed, and this is probably due to its high price tag (from an initial small development production run).  Since its release mid-late 2011, the Ducky has grown in popularity and the Hak5 Team have more than doubled their production run, meaning costs have been slashed in half.  Potentially with enough interest and investment the…

USB Rubber Ducky – Part 2: Attack of the HID

Background The USB Rubber Ducky was introduced in our previous post “The Return of USB Auto-Run Attacks“.  This is the first of many follow-ups, that introduce new attack scenarios and the increase in functionality, that really makes this tiny device a big part of the hearts of penetration testers. Brute-force attacks…

The Return of USB “Auto-Run” Attacks

Background USB Autorun attacks became the rage back in 2005.  Hak5 created a project to increase awareness of this security issue called USB-Hacksaw, originally a U3 device that would auto-run a series of programs.  This could be used from general system administration tasks, or potential malicious tasks; such as installing back-doors and running password collection programs.  Shortly, Vendors like Microsoft started to remove Auto-run capabilities to prevent more serious malware…