Talk - Infectious Media with Rubber Ducky

Abstract

This talk is based on the Infectious Media section in the People chapter of Kim's new book, Holistic Infosec for Web Developers, and was also demonstrated in Kim's Kiwicon training.

Date
Event
Toastmasters (Boaters)
Location
Speight’s Ale House, Function Room, 263 Bealey Avenue, Christchurch

In this talk, Kim walks through the psychology of why humans succumb to infectious media attacks and how an attacker can easily leverage these human weaknesses to do their bidding. This is a very useful and effective approach to getting inside a target organisation with no physical or network access.

When the human weaknesses are coupled with the inherent trust that computers place in Human Interface Devices (HID), we have a recipe for success, or disaster, depending on which side of the equation you are on.

Kim walks through:

  1. Ducky Script
  2. Encoding the payload
  3. Loading the SD card and inserting the card into the device
  4. Distributing the devices
  5. Launching attacks

The community-contributed attacks, and how to extend them, are also discussed.

Finally, mitigation techniques are explored, including using the device of compromise to train potential targets how not to be targets.