systemsplanet Posted March 17, 2020 Posted March 17, 2020 Do any Hack5 devices allow you to specify/clone the reported USB Hardware ID? https://www.cybrary.it/blog/0p3n/usb-forensics-find-the-history-of-every-connected-usb-device-on-your-computer/ What stops an Admin from creating a script that scans the windows registry for your USB Hardware Ids?
Darren Kitchen Posted March 17, 2020 Posted March 17, 2020 Yes. The ATTACKMODE command supports spoofing multiple ID values including VID, PID, Manufacturer, and Serial Number.
systemsplanet Posted March 17, 2020 Author Posted March 17, 2020 Thanks Darren for the quick reply. To clarify, have you ever verified that no changes are made to the window's registry, i.e. it's not detectable? For example: clone an existing PC keyboard's VIP/PID/Mfg/SN to the ducky dump the PC windows registry to a text file remove the cloned PC keyboard insert the Bash Bunny for the 1st time dump the windows registry to a text file again diff the two registry dumps to see if anything changed If a new keyboard is detectable, then it won't work for our application that can't risk breaking the windows registry on a mission critical PC. We previously bought a very expensive HDMI EDID cloaner that claimed to have transparent monitor pass-though, but when I diffed the registry, some of the EDID values had changed. So we scrapped the idea of using HDMI and are now trying USB.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.