
NotoriousTHC

Active Members
  • Posts: 7
Posts posted by NotoriousTHC

  1. I wasn't able to find any of the batch files we made from class, but I was able to find the notes I logged about the project. (Still waiting for a reply from the instructor on whether any other students toyed with USBDeview.)

    Essentially, here's a breakdown of how we got it to work (along with the roadblocks we ran into):

    USBDeview (all this was done from the root of C:)

    1. Enable the advanced option that will run a bat/cmd/etc when a USB device is plugged in

    Options > Advanced Options -- Check the checkbox and insert this line of code:

    C:\TEST.BAT %serial_number%

    This will tell it to run TEST.BAT and use the parameter %serial_number% (sending the serial number of the device you just inserted)

    2. Find out the serial of the USB you want to eject (eg. Perpetrator's serial #) by looking in the serial column of USBDeview

    3. Create TEST.BAT and fill it with this code

    @echo off
    REM %1 is the serial number USBDeview passes in via %serial_number%
    IF "%1"=="075A1890DD39" GOTO EJECT
    GOTO END
    
    :EJECT
    REM Stop (eject) the device whose serial matched
    usbdeview /stop_by_serial %1
    
    :END

    Just replace the serial number in the batch file with the one you want to eject

    ROADBLOCKS

    - USBDeview needs to be open for it to run the bat/cmd/etc (which makes it difficult to be sneaky as an admin; the user can just close the app)

    - AutoRun: the device will not eject if it is open in Explorer or being accessed (We found that more admins disable autorun in Group Policy anyway for security purposes)

    We hypothesized that if we could get USBDeview to run in the background as a hidden process, it might be able to run the bat/cmd/etc without having a GUI/tray icon.

  2. Chris' USB forensic segment reminded me of a lab I was creating for my Forensics course using USBDeview as a "phone home" type of scenario.

    USBDeview's autorun feature fires when a USB device is plugged in (assuming the .exe has been incorporated into the network's Windows installs), and it can disable certain USB devices via serial number...all from bat/cmd files.

    EX: You know of a perp that has been roaming around snagging files (in my case it was to stop students that were accessing SMB shares of pirated music and taking them home, naughty naughty) and you've done your analysis and know the USB drives that are roaming around. By updating the cmd/bat scripts that the USBDeview uses to autorun, it can disable and/or eject the device; essentially not giving them access even if they plugged it in.

    Now this took a lot of administration and requires the admin to be on top of their sh*t, but I'm sure my instructor has had a few quarters to polish it up. I'll get in contact with him and see if there is anything to add to Chris' project! Super-dee-duper forensics Chris! (BTW: Windows Network Forensics and Investigation from SYBEX is a killer book I would recommend checking out too!)
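Added example (not code from either post above, and not part of USBDeview itself): the same dispatcher the two posts describe, generalised so the admin maintains a list of serials in a text file instead of editing the batch file for every device, and so every insertion is logged for later review. It assumes USBDeview is configured as in post 1 (Options > Advanced Options, command `C:\BLOCK.BAT %serial_number%`), that usbdeview.exe sits in C:\ as the posts do, and the file names C:\BLOCK.BAT, C:\blocked_serials.txt and C:\usb_events.log are my own choices.

```batch
@echo off
REM Added example, not the original post's batch file. USBDeview calls this
REM file with the inserted device's serial as %1 (configured under
REM Options > Advanced Options as: C:\BLOCK.BAT %serial_number%).
REM The serial is compared against a list file (one serial per line) and
REM every insertion is logged. The two paths below are assumptions.
setlocal EnableExtensions
set "SERIAL=%~1"
set "LIST=C:\blocked_serials.txt"
set "LOG=C:\usb_events.log"

REM The redirect goes first so a serial ending in a digit (e.g. ...DD39)
REM is not mistaken by cmd for a file-handle number in front of ">>".
if "%SERIAL%"=="" (
    >>"%LOG%" echo %date% %time% ERROR no serial argument
    exit /b 1
)
>>"%LOG%" echo %date% %time% INSERTED %SERIAL%

REM findstr switches: /i case-insensitive, /x whole-line match, /c: literal.
REM A missing list file also yields a nonzero errorlevel, so nothing is ejected.
findstr /i /x /c:"%SERIAL%" "%LIST%" >nul 2>&1
if errorlevel 1 goto END

:EJECT
>>"%LOG%" echo %date% %time% EJECTING %SERIAL% (listed in %LIST%)
usbdeview /stop_by_serial "%SERIAL%"

:END
endlocal
```

Because the list lives outside the script, adding or removing a device is a one-line edit to blocked_serials.txt, and the log gives the admin a timeline of which serials showed up on which machine, which is the part that actually matters for the forensics write-up. The roadblocks from post 1 still apply: USBDeview has to be running for the command to fire, and a device that Explorer has open will not eject.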

  3. If anyone lives near a local University campus, University of Washington here, the Red Bull street teams are EVERYWHERE. Taking a small stroll down to the 'Ave you can score like 6-7 Red Bulls since the teams just need to get rid of 'em.

  4. Twit-agochi! haha LOVE IT!

    Reminded me of the Digimon battle pets from back in the day. It would be interesting to see if anyone can formulate a system similar to the one you designed for your twit-agochi, but with a battling sub-system.

    If no one feels inspired by that, I think I'll add this to my ever growing list of projects!

    Very neat idea Darren!

  5. Favorite game: twistin L's

    Favorite OS: XP/Server2008

    Favorite console: Xbox360

    Nationality: US

    Sex: Male

    Age: 21

    Race: White American

    Height: 6 foot

    Status: Dating schoolwork

    Build: Tall slender

    Favorite band: Kottonmouth Kings

    Favorite movie: Zeitgeist

    Favorite TV Show: DEA, Cops, South Park

    Favorite actor: Jason Statham

    Favorite actress: Angelina Jolie

    Favorite Pinup: Angelina Jolie

    Favorite Comedian: Katt Williams

    Other hobbies: Longboarding, Chronic, Cannabis activism, IT Professional, Student

    Car: Loaded 2006 Vanguard - 97mm Flywheels

    Occupation: Helpdesk and Network Technician (Education)
