Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Universal Serial aBUSe - Remote Physical Access Attacks

44CON Information Security Conference via YouTube

Overview

Explore novel USB-level attacks providing remote command and control of air-gapped machines with minimal forensic footprint in this 40-minute conference talk from the 44CON Information Security Conference. Delve into the creation of malicious USB devices using low-cost hardware, focusing on stealthy bi-directional communication channels between host and device. Learn about remote connectivity via 3G/Wi-Fi/Bluetooth, offloading complexity to hardware, and leaving only a small stub on the host. Discover improvements over existing work, including bypassing network controls and minimizing forensic trails. Gain insights into demonstrating physical bypass risks of software security without an extensive budget, and understand the importance of building defenses in this area.

Syllabus

Intro
Quick Intro
Why did you pursue this attack
Cottonmouth Devices
Apex Predator
Physical Inspection
Remote Trigger
Avoid obvious vectors
Automated
User Interaction
Previous Work
Cactus Micro Revision 2
Building our own board
Finished Hardware
Attack Scenario
ESPLink
LEAP Stack
Injection
VNC
USB Drivers
Back Channel
Scripted VNC
Debugging
Pogo Pins
Vanilla Shell
Using existing attack frameworks
USB Security

Taught by

44CON Information Security Conference

Reviews

Start your review of Universal Serial aBUSe - Remote Physical Access Attacks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.