Abstract image of a woman sitting on books and studying on a laptop

ABYSS OF BADUSB

S
ssuser6c19e1

This document summarizes a presentation about BadUSB given by a Japanese student named MOPI. MOPI discusses the history of BadUSB, how the original exploits were reverse engineered and released on GitHub, and limitations of the true BadUSB exploits. MOPI then explains how Arduino boards can be used to implement BadUSB payloads and provides a simple example Python script to demonstrate a basic USB-based dropper.

Technology
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
ABYSS OF BADUSB MOPI – Japanese student who researches about information security
#WHOAMI MOPI (plz follow me on twitter => @naogramer) • Senior High-school Student in Japan (Grade 11th) • Like to use Python 3.x, C++ (with Win32 API) • Most interested topic = DFIR (Digital Forensics Incident Response • Sorry for bad English …… (Studied abroad in Canada for just 1 year) 401 – Unauthorized I don‘t want to release my face to internet…… Actually, there is some but…… orz.
WHAT IS BADUSB USB device with malicious firmware which uses to get all secret data inside your computer and mess up everything.
LETS TALK ABOUT BORING HISTORY Actually, BadUSB is not BadUSB. $ alias BadUSB BadUSB
REAL AND TRUE BADUSB This is the “REVERSE ENGINEERED” real and true BadUSB. (Psychson)
REVERSE ENGINEERED…… True, real, and original BadUSB exploits are not available. Information of exploits has been released in BlackHat USA 2014, but exploit code wasn’t released out. BOOM!!! But some challenger reverse engineered and released on GitHub!!!
TRUE AND REAL ONE IS USELESS… Psychson only supports really few specific USB devices, and some of them are already discontinued or fixed up.
ARDUINO IS GREAT DECISION Some Arduino boards support USB output function. This will be big help if you are beginner, because it officially supports everything needs in BadUSB.
HOW_2_ATTACK • Payload format depends on the types of BadUSB (If you are using Arduino, you can write payload with C-like lang.) • You should make stealth (no GUI, silence) as much as you can. • There is many advanced options. (eg: RAT, Dropper, etc…)
LET’S TRY I have implemented simple dropper code for USB output supported Arduino. GitHub Repository: https://gist.github.com/moppoi5168/e64466fd748e7169dfd6521241a74bfb
WHAT IS THIS CODE DOING It opens command prompt (administrator) and download execution files to c:¥windows_update.exe using PowerShell. And then it will execute c:¥windows_update.exe. Very simple dropper J.
ANY QUESTIONS?

More Related Content

PDF
PYTHON: From programmer to tamer
Alessandro Pisa
 
PDF
Do you want to build a robot
Anna Gerber
 
PDF
iOS Internals Part -2
Anthony Jose
 
PDF
D1T3-Anto-Joseph-Droid-FF
Anthony Jose
 
PPTX
Debugging Tips and Tricks - iOS Conf Singapore 2015
Fahim Farook
 
PPTX
OSINT like a Boss & Python Automation
Santhosh Baswa
 
PDF
The challenges of file formats
Ange Albertini
 
PDF
2.2. Introduction to Arduino
defconmoscow
 
PYTHON: From programmer to tamer
Alessandro Pisa
 
Do you want to build a robot
Anna Gerber
 
iOS Internals Part -2
Anthony Jose
 
D1T3-Anto-Joseph-Droid-FF
Anthony Jose
 
Debugging Tips and Tricks - iOS Conf Singapore 2015
Fahim Farook
 
OSINT like a Boss & Python Automation
Santhosh Baswa
 
The challenges of file formats
Ange Albertini
 
2.2. Introduction to Arduino
defconmoscow
 

Similar to ABYSS OF BADUSB (20)

PDF
Taking the hard out of hardware
Ronald McCollam
 
PPTX
Artificial Intelligence Neural Processing Unit Hikey970
KnowledgeMavens
 
PDF
Building an Open Source iOS app: lessons learned
Wojciech Koszek
 
PDF
Porting your favourite cmdline tool to Android
Vlatko Kosturjak
 
PDF
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded ...
Priyanka Aash
 
PPTX
small electronics for your makerspace 2 (clc trendspotting - 26 march 2014)
ariannaschlegel
 
PDF
Better With Friends: Android+NFC+Arduino
Pearl Chen
 
PDF
Dark Side of iOS [SmartDevCon 2013]
Kuba Břečka
 
PPT
Arduino presentation by_warishusain
student
 
PPT
Arduino Easy way to create robots
Desiree Santos
 
PDF
#startathon2.0 - Arduino
sl2square
 
PPTX
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
 
PPTX
Tod kurt
makezine
 
PPTX
Hacking - high school intro
Peter Hlavaty
 
PDF
Design and Evolution of cyber-dojo
Jon Jagger
 
PPTX
Exploring the Internet of Things Using Ruby
Mike Hagedorn
 
PDF
Intro to the raspberry pi board
Thierry Gayet
 
ODP
Introduction to Raspberry Pi and GPIO
Kris Findlay
 
PPTX
Raspberry Pi - Unlocking New Ideas for Your Library
Brian Pichman
 
KEY
jQueryUI and HTML5 Video Play Nice
Brian Crescimanno
 
Taking the hard out of hardware
Ronald McCollam
 
Artificial Intelligence Neural Processing Unit Hikey970
KnowledgeMavens
 
Building an Open Source iOS app: lessons learned
Wojciech Koszek
 
Porting your favourite cmdline tool to Android
Vlatko Kosturjak
 
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded ...
Priyanka Aash
 
small electronics for your makerspace 2 (clc trendspotting - 26 march 2014)
ariannaschlegel
 
Better With Friends: Android+NFC+Arduino
Pearl Chen
 
Dark Side of iOS [SmartDevCon 2013]
Kuba Břečka
 
Arduino presentation by_warishusain
student
 
Arduino Easy way to create robots
Desiree Santos
 
#startathon2.0 - Arduino
sl2square
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
 
Tod kurt
makezine
 
Hacking - high school intro
Peter Hlavaty
 
Design and Evolution of cyber-dojo
Jon Jagger
 
Exploring the Internet of Things Using Ruby
Mike Hagedorn
 
Intro to the raspberry pi board
Thierry Gayet
 
Introduction to Raspberry Pi and GPIO
Kris Findlay
 
Raspberry Pi - Unlocking New Ideas for Your Library
Brian Pichman
 
jQueryUI and HTML5 Video Play Nice
Brian Crescimanno
 
Ad

Recently uploaded (20)

PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
August Patch Tuesday
Ivanti
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
August Patch Tuesday
Ivanti
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Ad

ABYSS OF BADUSB

  • 1. ABYSS OF BADUSB MOPI – Japanese student who researches about information security
  • 2. #WHOAMI MOPI (plz follow me on twitter => @naogramer) • Senior High-school Student in Japan (Grade 11th) • Like to use Python 3.x, C++ (with Win32 API) • Most interested topic = DFIR (Digital Forensics Incident Response • Sorry for bad English …… (Studied abroad in Canada for just 1 year) 401 – Unauthorized I don‘t want to release my face to internet…… Actually, there is some but…… orz.
  • 3. WHAT IS BADUSB USB device with malicious firmware which uses to get all secret data inside your computer and mess up everything.
  • 4. LETS TALK ABOUT BORING HISTORY Actually, BadUSB is not BadUSB. $ alias BadUSB BadUSB
  • 5. REAL AND TRUE BADUSB This is the “REVERSE ENGINEERED” real and true BadUSB. (Psychson)
  • 6. REVERSE ENGINEERED…… True, real, and original BadUSB exploits are not available. Information of exploits has been released in BlackHat USA 2014, but exploit code wasn’t released out. BOOM!!! But some challenger reverse engineered and released on GitHub!!!
  • 7. TRUE AND REAL ONE IS USELESS… Psychson only supports really few specific USB devices, and some of them are already discontinued or fixed up.
  • 8. ARDUINO IS GREAT DECISION Some Arduino boards support USB output function. This will be big help if you are beginner, because it officially supports everything needs in BadUSB.
  • 9. HOW_2_ATTACK • Payload format depends on the types of BadUSB (If you are using Arduino, you can write payload with C-like lang.) • You should make stealth (no GUI, silence) as much as you can. • There is many advanced options. (eg: RAT, Dropper, etc…)
  • 10. LET’S TRY I have implemented simple dropper code for USB output supported Arduino. GitHub Repository: https://gist.github.com/moppoi5168/e64466fd748e7169dfd6521241a74bfb
  • 11. WHAT IS THIS CODE DOING It opens command prompt (administrator) and download execution files to c:¥windows_update.exe using PowerShell. And then it will execute c:¥windows_update.exe. Very simple dropper J.