bag-de-body
-
Posts
2 -
Joined
-
Last visited
Posts posted by bag-de-body
-
-
Hmmm... so I'm thinking, how do I defend myself against this thing?
- Our PCs are fairly locked down - so you wouldn't (for example) be able to use Start>Run as a normal user.
- Physical security: Don't plug in unknown USB sticks when you're an administrator - common sense really - and naturally enough don't leave your machine physically accessible to third parties anyway.
- You might be able to detect this on the basis of the speed of typing - even if we assume a really fast typist, there's probably some sort of clue with respect to regularity of the keystrokes.
I suppose you could pretend to be a memory stick as well as a HID? We're used to occasionally seeing the "Windows has detected new hardware" message, and most of us will plug in a memory stick without really thinking. (Usually because we think our virus checker will protect us.) Assuming that you did go the Start>Run route, then you could deliver your payload while their back is turned with a wireless click - so they wouldn't see the momentary flash of the dialog on screen. You could even disguise it when they're browsing the net - they'd probably think it was a pop-up.
The key thing is to know it's out there, so you're better prepared.
That said, if you've physical access, wouldn't it be better to sit as a keylogger in between - perhaps disguised as a USB hub? You'd be more likely to go unnoticed, as you're being passive, not active?
[Question] Defences Against the Ducky?
in Classic USB Rubber Ducky
Posted · Edited by bag-de-body
Phew, luckily we do quite a lot of that with regard to physical security. They could get a cherry picker to get up to our office window - but I'm sure our CCTV operators would notice that overnight. During the day we have rabid children patrolling the site :-)