systemsplanet Posted March 17, 2020 Share Posted March 17, 2020 Do any Hack5 devices allow you to specify/clone the reported USB Hardware ID? https://www.cybrary.it/blog/0p3n/usb-forensics-find-the-history-of-every-connected-usb-device-on-your-computer/ What stops an Admin from creating a script that scans the windows registry for your USB Hardware Ids? Link to comment Share on other sites More sharing options...
Darren Kitchen Posted March 17, 2020 Share Posted March 17, 2020 Yes. The ATTACKMODE command supports spoofing multiple ID values including VID, PID, Manufacturer, and Serial Number. Link to comment Share on other sites More sharing options...
systemsplanet Posted March 17, 2020 Author Share Posted March 17, 2020 Thanks Darren for the quick reply. To clarify, have you ever verified that no changes are made to the window's registry, i.e. it's not detectable? For example: clone an existing PC keyboard's VIP/PID/Mfg/SN to the ducky dump the PC windows registry to a text file remove the cloned PC keyboard insert the Bash Bunny for the 1st time dump the windows registry to a text file again diff the two registry dumps to see if anything changed If a new keyboard is detectable, then it won't work for our application that can't risk breaking the windows registry on a mission critical PC. We previously bought a very expensive HDMI EDID cloaner that claimed to have transparent monitor pass-though, but when I diffed the registry, some of the EDID values had changed. So we scrapped the idea of using HDMI and are now trying USB. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.