What you’ll learn
Hacking with Human Interface Devices
Writing your first ethical hacking payload
Creating advanced tracking payloads
How Social Engineering & HID attacks work
Arduino IDE Basics
Requirements
Computer running macOS, Linux, or Windows
Arduino IDE installed (free)
Digispark ATtiny85 USB Development Board (~$2 each)
Useful but not required: Basic knowledge of Arduino IDE & terminal commands
Description
Installing backdoors, exfiltrating documents, or capturing credentials is incredibly easy with a seemingly innocent USB drive called the USB Rubber Ducky. An expert hacker with a few minutes, a photographic memory and perfect typing accuracy can use a few well-crafted keystrokes to hack virtually anything they have physical access to. However, the right hardware can do the same thing every time, on demand, without fail. That’s where the Rubber Ducky and other Human Interface Devices (HID) come into play. They pose as a keyboard and inject keystrokes at superhuman speeds, violating the inherent trust computers place in humans.
In this class, we’ll learn what HID attacks are, how they work, the social engineering that can be involved in their deployment, and how to use them in your pen-testing engagements. Keyboards announce themselves to computers as HID devices and are in turn automatically recognized and accepted. We’ll program a microcontroller in Arduino to take advantage of this by acting as an HID device. We can then create our own scripts that run when the device is plugged into a target computer, all at only a fraction of the cost of the brand-name USB Rubber Ducky!
Students will learn to use a low-cost Digispark to program their payloads for use in ethical hacking and penetration testing. We’ll go over creating more advanced payloads, including tracking payloads that run in the background, as well as Rickroll payloads that can be used with permission on friends and family to demonstrate how HID attacks work. Additionally, students learn to automate nearly anything on an unattended device, which can be extremely useful when you need to run the same commands on a series of computers. That’s how the original USB Rubber Ducky was invented. Hak5 founder Darren Kitchen, while working as a sysadmin, got tired of typing the same commands to fix printers and network shares again and again, and the device evolved out of laziness. He programmed a development board to emulate the typing for him - and thus the keystroke injection attack was born.
Who this course is for:
Beginner ethical hackers
Beginner white hat hackers
Computer science students
Cybersecurity students
Beginners interested in hacking
Beginners interested in programming