Thread replies: 69
Thread images: 9
Thread images: 9
File: 1493505796559.png (162KB, 477x397px) Image search:
[Google]
162KB, 477x397px
>USB HWRD is a keystroke injection tool disguised as a generic flash drive. Since computers inherently trust keyboards, they recognize USB HWRD as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute.
>Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, and many other automated functions for the penetration tester and systems administrator.
How do you defend against this? Other than plugging your USB sockets with hot glue...
>>
You can also physically disconnect your USB ports.
>>
systemd is already the solution
>>
File: 1502681406626.png (7KB, 294x171px) Image search:
[Google]
7KB, 294x171px
Have you ever thought about locking your screen whenever you're not in front of your computer, retard?
>>
>>61919695
I would definately know if someone somehow snuck into my house at night and plugged one of those in my laptop
>>
>>61919722
yeah, but that's pain in the ass. I'm hoping for a SW solution.
>>
>>61919749
>I would definately know if someone somehow snuck into my house at night and plugged one of those in my laptop
what if your house got swatted? you'd be so scared, surprised and confused that they'd be in your room in like 5 seconds and you'd be sitting with your dick in your hand with a bedazzled look on your face.
>>
>>61919695
hotglue in your usb ports
>>
>>61919751
Oh there's a great software solution. You can make any OS disable the USB bus until you manually enable it for your own use. But doing something by software is always a waiting game until someone inevitably finds the way around it. On the other hand there's no "way around" physical means short of removing them.
>>
WARNING
>WARNING
WARNING
>WARNING
>HACKERS can now BREAK INTO YOUR FUCKING HOUSE and KICK YOUR GODDAMN COMPUTER DOWN THE STAIRS
I'm scared bro's. How do we defend against this?
>>
>>61919776
By using the cloud.
>>
1. Password.
"Hi new keyboard detected, please type in your password"
If they have your password they don't need to come in and do a HID attack in the first place.
>>
>>61919776
single level dwellings only.
no porch steps.
seal off any upper floors or basements you might have, while you put your home on the market and invest in a more secure single level dwelling
>>
File: apple-macbook-2016-23[1].jpg (34KB, 770x433px) Image search:
[Google]
![apple-macbook-2016-23[1].jpg](https://i.imgur.com/0En2Um9.jpg "apple-macbook-2016-23[1]")
34KB, 770x433px
>>61919695
Apple MacBook Retina don't has this problem
>>
>>61919695
Are you the same guy who keeps letting mexicans recharge their phones or some shit via your ports?
Stop letting people into your holes, man
>>
>>61919767
>what if your house got swatted
I would still notice the USB stick protruding out of the side of my laptop
>>
>>61919767
I've got bigger problems if I'm getting swatted
>>
>>61919812
Thats why....
This explains EVERYTHING!
>>
>>61919695
>falling for the USB Jew
Use a 486 system like a good Christian.
>>
File: 1480032381656.jpg (35KB, 444x527px) Image search:
[Google]
35KB, 444x527px
Say you want to pentest some company... all you need to do is drop few of these around the parking lot just before the lunch break and by the end of the day, you'll have access to pretty much everything in the company.
>>
https://en.m.wikipedia.org/wiki/USBKill
You dumb-dumbs.
>>
>>61919864
Unless they pass the test. Though maybe you're interested in accessing the systems of some local small business?
>>
>>61919882
Heh you have no fucking idea.
>>
>>61919882
>Unless they pass the test.
they wont. no one does. especially if you buy a pink USB stick and label the drive "personal photos". some duckies also have some USB storage as well so you can upload some amateur nudes so the victim doesn't suspect a thing and even takes it home.
>>
If they have physical access what's stopping them from just taking the whole damn system
>>
>>61919896
I have the idea that every company I've ever worked for has disallowed USB media. Not just as a personnel policy but as a technical one. I already agreed that small places might be vulnerable but this is pretty basic IT security by now.
>>
>>61919749
definitely
>>
>>61919920
>no one does
I feel like /g/ is trapped in 1997 or something. I could probably hire any NEET off this board for IT security and this would be the first thing they'd think to do. I'm sure there are untold clever attack vectors out there but USB is pretty bush league by now.
>>
>>61919933
>If they have physical access what's stopping them from just taking the whole damn system
FDE you moron.
>>
>>61919987
do you do pentesting for living? obviously not. stay in school kid.
>>
>>61920000
>for living
Do you speak English for a living? Stay in Chennai, Pajeet.
>>
File: sweetie.jpg (188KB, 1528x1530px) Image search:
[Google]
188KB, 1528x1530px
>>61919880
>phoneposter
>calling someone else dumb
>>
>>61919987
That method hasn't stopped working and it's why high-security system still have all ports closed with epoxy.
>>
>>61919695
What is even more terrifying is that any number of your USB devices may have malicious firmware and you have virtually not way to know about it. You may even have such devices plugged into your computer right now. Used hardware and cheapo Chinese USB devices come to mind.
>>
>>61919695
If someone gets physical access to your machine, you're fucked.
That's how it is, that's how it will always be.
You don't even need toys like that, just restart the computer and single user mode and it's yours.
>>
>>61920030
>quads of btfo
Nice.
>>
File: 1490250178192.jpg (114KB, 1600x900px) Image search:
[Google]
114KB, 1600x900px
you can also do mousejacking and just scan for sheep who use vulnerable USB wireless mice from Logitech or other manufacturers. you can hack them in no time. they won't even see a command prompt pop up. you can have fun at coffee shops.
ps: doesnt work on BT or apple mice tho.
>>
>>61919695
> 1000 words per minute
But I can only type 65 words/minute
>>
>>61920142
>If someone gets physical access to your machine, you're fucked.
>That's how it is, that's how it will always be.
you're a moron. learn what FDE does.
>>
>>61920034
Not an argument. I'm glad my intellect intimidates and upsets you. :^) You shouldn't get mad at the guy who just helped you and the other bumbling brainlets in the threads (a simple "thanks" would suffice), but... well, I've already accepted that the road to greatness is a high and lonely one. Better than being stupid, haha!
>>
>>61919695
How would it do anything without knowing my password?
It can't execute any binaries or scripts
>>
>>61920213
Dumb phoneposter.
>>
>>61919880
>>61920180
>you're a moron. learn what FDE does.
This thread is about getting access to your device in a powered-on state. Your're are files are decrypted in that state familiapai
>>
>>61920168
Again, what the fuck are you gonna do? Randomly click around hoping for something to happen?
>>
>>61919812
I doesn't have CUDA either.
>>
>>61920180
They can still plant malware in the UEFI or any other firmware (keyboard controller, mouse, webcam, etc) that will activate once you unlock the PC
>>
>>61920261
>incomprehensible gibberish
speak English or die.
>>
>>61920286
not if it's locked.
>>
>>61920308
So every chip running some kind of firmware on your motherboard can be password protected?
>>
>>61919987
>what is stuxnet
>>
>>61920287
you're making dumb points. you know exactly what he's trying to say. did you ever study a second language anon?
>>
Disable them either in hardware or via UEFI.
But really, what >>61920142 said. If someone with malicious intent gets physical access, you're fucked anyway.
>>
>>61919776
lololol
>>
Anybody with physical access can and will compromise your device.
>>
>How do you defend against this?
I don't have random fucking people coming into my place to insert shit into my computer, do you?
>>
>>61919695
Disable usb keyboards. Use thonkpad keyboard only
>>
>>61919695
If someone has physical access your already pretty much fucked.
>>
>>61919767
>Get swatted
>FBI plug in HID that puts in specific keystrokes instead of collecting laptop for evidence.
lmao Why would they do that?
>>
>>61919695
Shoot anybody who's in my house
>>
File: 1483323136317.jpg (72KB, 568x798px) Image search:
[Google]
72KB, 568x798px
>>61920474
>random fucking
that was superfluous. no one has ever been to your room, period. #foreveralone
>>
File: 1501733150899.jpg (374KB, 1280x1406px) Image search:
[Google]
374KB, 1280x1406px
>>61920572
>lmao
complete fucking low IQ moron detected.
https://www.youtube.com/watch?v=GNzTQVWggDA
>>
>>61920630
>the wall plug part
ameriplugs btfo, schutzkontakt master race!
>>
>>61920630
this wouldn't work on my computer because I have a live grenade hid under the mobo
>>
>>61920751
>ameriplugs btfo, schutzkontakt master race!
it's only a bit more difficult... requires destroying the face plate. but in only takes 2 min more and destroys your property.
>>
>>61920597
You are actually correct. I live in a studio apartment so there is no 'room'. Females have been here though so you're still wrong.
>>
>breaking news: your computer can be hacked if the hacker has physical access to it
>>
>>61920882
>Females have been here though so you're still wrong.
Landlord and female cops don't count.
>>
>>61919767
>What does Super+L do
The government taught me this shortcut when I worked for them, Anon. Now you can use it against them.
>>
>>61919987
It also works really well on college campuses.
Thread posts: 69
Thread images: 9
Thread images: 9