systemsplanet Posted March 17, 2020 Share Posted March 17, 2020 Do any Hack5 devices allow you to specify/clone the reported USB Hardware ID? https://www.cybrary.it/blog/0p3n/usb-forensics-find-the-history-of-every-connected-usb-device-on-your-computer/ What stops an Admin from creating a script that scans the windows registry for your USB Hardware Ids? Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted March 17, 2020 Share Posted March 17, 2020 Yes. The ATTACKMODE command supports spoofing multiple ID values including VID, PID, Manufacturer, and Serial Number. 1 Quote Link to comment Share on other sites More sharing options...
systemsplanet Posted March 17, 2020 Author Share Posted March 17, 2020 Thanks Darren for the quick reply. To clarify, have you ever verified that no changes are made to the window's registry, i.e. it's not detectable? For example: clone an existing PC keyboard's VIP/PID/Mfg/SN to the ducky dump the PC windows registry to a text file remove the cloned PC keyboard insert the Bash Bunny for the 1st time dump the windows registry to a text file again diff the two registry dumps to see if anything changed If a new keyboard is detectable, then it won't work for our application that can't risk breaking the windows registry on a mission critical PC. We previously bought a very expensive HDMI EDID cloaner that claimed to have transparent monitor pass-though, but when I diffed the registry, some of the EDID values had changed. So we scrapped the idea of using HDMI and are now trying USB. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.