A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Intercepting USB Traffic for Attack and Defense - Brandon Wilson Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Intercepting USB Traffic for Attack and Defense
Brandon Wilson
Derbycon 2015

BadUSB reminded the world about the dangers of maliciously intelligent USB devices such as flash drives with modified firmware, but little has been released to effectively defend against the threat. A customizable man-in-the-middle USB connection can not only do that, but provide even more benefits to both attackers and defenders, such as modifying or denying specific traffic (similar to a USB write blocker) or bypassing mass storage restrictions in a locked-down corporate environment. In this talk, I will explain how to easily assemble a USB passthrough device using cheap, existing hardware and flash it to either attack ‰ÛÏsecure‰Û environments, or isolate yourself from untrustworthy or potentially malicious peripherals. Instructions for purchasing the hardware, assembling it, and code for several different scenarios will be released and demonstrated.

Brandon Wilson is an independent security researcher and software developer. He has more than a decade of experience in reverse-engineering embedded systems and protocols, from graphing calculators to gaming consoles to flash drives. He has appeared in numerous publications such as the Wall Street Journal and Wired, and also collects DMCA takedown notices for fun.

Back to Derbycon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast