overwraith Posted January 24, 2013

Apparently Symantec endpoint protection can block USB Rubber Ducky attacks. Will changing the VID/PID number circumvent this blocking, or is a more creative solution required?

PineDominator Posted January 24, 2013

> Apparently Symantec endpoint protection can block USB Rubber Ducky attacks. Will changing the VID/PID number circumvent this blocking, or is a more creative solution required?

I was thinking the duck could be blocked by detecting keystroke speed.

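
The keystroke-speed idea in the post above, sketched from the defender's side as an added example (not code from this thread or from any endpoint product). It scores one keyboard's key-down timestamps on three timing signals; the thresholds, signal names and sample timings are all constructed assumptions.

```python
from itertools import accumulate
from statistics import mean, median, pstdev

# Assumed thresholds for illustration only; tune them against real typing data.
MIN_KEYS = 20          # fewer key-downs than this is too little to judge
FAST_MEDIAN_MS = 30.0  # a sustained median gap below this is faster than people type
LOW_CV = 0.15          # coefficient of variation this low means near-constant gaps
EARLY_START_MS = 3000  # typing this soon after the keyboard enumerates is unusual

def timing_signals(attach_ms, key_down_ms):
    """Return the timing signals raised by one keyboard's key-down times (ms)."""
    if len(key_down_ms) < MIN_KEYS:
        return []
    gaps = [b - a for a, b in zip(key_down_ms, key_down_ms[1:])]
    signals = []
    if median(gaps) < FAST_MEDIAN_MS:
        signals.append("median-gap-too-fast")
    avg = mean(gaps)
    if avg > 0 and pstdev(gaps) / avg < LOW_CV:
        signals.append("gaps-too-uniform")
    if key_down_ms[0] - attach_ms < EARLY_START_MS:
        signals.append("typing-right-after-attach")
    return signals

def is_suspicious(attach_ms, key_down_ms):
    """Flag on speed alone, or on any two of the weaker signals together."""
    signals = timing_signals(attach_ms, key_down_ms)
    return "median-gap-too-fast" in signals or len(signals) >= 2

def times(first_key_ms, gaps):
    """Build absolute key-down times from a first keystroke and a list of gaps."""
    return list(accumulate(gaps, initial=first_key_ms))

# Constructed samples: a person typing on a long-attached keyboard, and two
# freshly attached devices sending keys at machine speed (fixed and jittered gaps).
HUMAN = times(60_000, [180, 95, 240, 130, 310, 88, 150, 205, 120, 400,
                       99, 170, 260, 140, 115, 330, 190, 105, 220, 160])
FIXED = times(1_200, [5] * 24)
JITTER = times(1_200, [12, 22, 15, 19, 11, 24, 17, 13, 21, 16,
                       23, 14, 18, 20, 12, 25, 10, 19, 15, 22])

if __name__ == "__main__":
    for name, sample in (("human", HUMAN), ("fixed", FIXED), ("jitter", JITTER)):
        print(name, is_suspicious(0, sample), timing_signals(0, sample))
```

Timing is one signal among several: it complements device-class policy such as the GPO and per-user USB controls mentioned in this thread rather than replacing them.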
no42 Posted January 24, 2013 (Solution)

Yes, until these guys get wise! Symantec, Sophos, and Lumension (old versions) can be bypassed! Lumension just released a new version that dictates which users are allowed USB. If your user isn't allowed USB, the ducky will be blocked. Windows 7+ GPO settings can also block the duck. Other versions and products block by VID & PID, hence version 2 firmware makes it easier for you to change these values without reflashing. Go forth, and quack the system, my ducklings!

overwraith (Author) Posted January 24, 2013 (edited)

I just tried the VID/PID change on the Symantec endpoint protection, and I can verify that the change does work. Are there any other ways the antivirus companies can block us, so we can get ahead of the curve in preventing the antivirus companies from blocking us?

- If they take into account the speed at which we type the payloads, we can create bash scripts to randomize the delay values between commands or even letters. Could even modify the duck script language to do it automatically.

Edited January 24, 2013 by overwraith

PineDominator Posted January 25, 2013

> I just tried the VID/PID change on the Symantec endpoint protection, and I can verify that the change does work. Are there any other ways the antivirus companies can block us, so we can get ahead of the curve in preventing the antivirus companies from blocking us?
>
> - If they take into account the speed at which we type the payloads, we can create bash scripts to randomize the delay values between commands or even letters. Could even modify the duck script language to do it automatically.

If you do preemptive stuff to avert antivirus, they find our tricks faster.

overwraith (Author) Posted January 25, 2013

> If you do preemptive stuff to avert antivirus, they find our tricks faster.

ok.