Bitdefender AV stop most of Bash Bunny attacks

[Predator]

I played around with my Bash Bunny and most attacks that involve copying scripts to target will be stopped by Bitdefender AV. So if targeting a computer that might have ESET, Bitdefender etc you should never use attackmode STORAGE since your Bash Bunny's payload dir will be whiped by these two AV. Had a hard fight to even update the payload dir with bunnyupdater with the Bitdefender running 😉

But this is a nice device if used for the right purpose and you need to keep in mind that the target might have a nasty AV that can and will immunize your Bash Bunny instantly.
If you do want to test humans you should use Rubber Ducky and Bash Bunny for quick plugin/plugout operations.

[fneagle]

Would it help, if you insert a delay between STRING character inputs?  It could be possible that AV is detecting the keystoke injection because of "fast typing" 🙂

[Predator]

Maybe but it won't detect a pure HID device, if I run Rubber Ducky on HID, Masstorage it won't detect it. Probably it detect BB just because it shows entire filsystem while in masstorage mode. 

Have to run more tests with this, when running pure HID BB is undetected. 

[fneagle]

What version of Bitdefender are you using? I've tried Bitdefender Total Security 2020 an my Bash Bunny was not detected. I was able to run my example script without a problem.

 

 

[Predator]

1 hour ago, fneagle said:

What version of Bitdefender are you using? I've tried Bitdefender Total Security 2020 an my Bash Bunny was not detected. I was able to run my example script without a problem.

 

 

Weird, I have Bitdefender Total Security 2020 too but mine stops everything, it even immunize the USB-drive when inserted disabling every script it finds that can be harmful etc.