Talk - Infectious Media with Rubber Ducky

Kim Carter
Risks Countermeasures Slides

Abstract

This talk is based on the Infectious Media section in the People chapter of Kims new book Holistic Infosec for Web Developers and also demonstrated in Kim’s Kiwicon training.

Date
Nov 27, 2015 07:30 AM — 07:37 AM
Event
Toastmasters (Boaters)
Location
Speight’s Ale House, Function Room, 263 Bealey Avenue, Christchurch

In this talk Kim walks through the psychology of why humans succumb to infectious media attacks and how the attacker is easily able to leverage the human weaknesses to do their bidding. This is a very useful and effective approach at getting inside a target organisation with no physical or network access.


When the human weaknesses are coupled with the inherent trust of Human Interface Devices (HID) we have a recipe for success, or disaster depending on which side of the equation you are on.

Kim walks through:

  1. Ducky Script
  2. Encoding the payload
  3. Loading the SD card and card into the device
  4. Distributing the devices
  5. Launching attacks

The community contributed attacks are also discussed and how to extend them.

Finally mitigation techniques are explored. Including using the device of compromise to train potential targets how not to be targets.

talk hacking cybersecurity holistic-info-sec-for-web-developers information-security infosec people-security physical-security security security-weaknesses
Kim Carter
Kim Carter
Technologist / Engineer, Information Security Professional

Technologist / Engineer, Information Security Professional, Entrepreneur and the founder of BinaryMist Ltd and PurpleTeam-Labs. Ex OWASP NZ Chapter Leader of eight years. Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 20 years of commercial industry experience across many domains.