>USB HWRD is a keystroke injection tool disguised as a generic flash drive. Since computers inherently trust keyboards, they recognize USB HWRD as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute.
>Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, and many other automated functions for the penetration tester and systems administrator.
How do you defend against this? Other than plugging your USB sockets with hot glue...
You can also physically disconnect your USB ports.
Josiah Jones
systemd is already the solution
Luis Richardson
Have you ever thought about locking your screen whenever you're not in front of your computer, retard?
Benjamin Cooper
I would definately know if someone somehow snuck into my house at night and plugged one of those in my laptop
Ian Powell
yeah, but that's pain in the ass. I'm hoping for a SW solution.
Elijah Flores
>I would definately know if someone somehow snuck into my house at night and plugged one of those in my laptop what if your house got swatted? you'd be so scared, surprised and confused that they'd be in your room in like 5 seconds and you'd be sitting with your dick in your hand with a bedazzled look on your face.
Ian Jackson
hotglue in your usb ports
Carson Taylor
Oh there's a great software solution. You can make any OS disable the USB bus until you manually enable it for your own use. But doing something by software is always a waiting game until someone inevitably finds the way around it. On the other hand there's no "way around" physical means short of removing them.
Daniel Cook
WARNING >WARNING WARNING >WARNING
>HACKERS can now BREAK INTO YOUR FUCKING HOUSE and KICK YOUR GODDAMN COMPUTER DOWN THE STAIRS
I'm scared bro's. How do we defend against this?
Landon Allen
By using the cloud.
Luis Gutierrez
1. Password.
"Hi new keyboard detected, please type in your password"
If they have your password they don't need to come in and do a HID attack in the first place.
Jeremiah Ortiz
single level dwellings only. no porch steps.
seal off any upper floors or basements you might have, while you put your home on the market and invest in a more secure single level dwelling
Jonathan Brown
Apple MacBook Retina don't has this problem
Colton Wilson
Are you the same guy who keeps letting mexicans recharge their phones or some shit via your ports? Stop letting people into your holes, man
Lucas Richardson
>what if your house got swatted I would still notice the USB stick protruding out of the side of my laptop
Tyler Ramirez
I've got bigger problems if I'm getting swatted
Connor Moore
Thats why.... This explains EVERYTHING!
Jackson Hill
>falling for the USB Jew
Use a 486 system like a good Christian.
Chase Thompson
Say you want to pentest some company... all you need to do is drop few of these around the parking lot just before the lunch break and by the end of the day, you'll have access to pretty much everything in the company.
Unless they pass the test. Though maybe you're interested in accessing the systems of some local small business?
Lincoln Perez
Heh you have no fucking idea.
Brody Morales
>Unless they pass the test. they wont. no one does. especially if you buy a pink USB stick and label the drive "personal photos". some duckies also have some USB storage as well so you can upload some amateur nudes so the victim doesn't suspect a thing and even takes it home.
James Allen
If they have physical access what's stopping them from just taking the whole damn system
Lincoln Allen
I have the idea that every company I've ever worked for has disallowed USB media. Not just as a personnel policy but as a technical one. I already agreed that small places might be vulnerable but this is pretty basic IT security by now.
Bentley Kelly
definitely
Angel Butler
>no one does I feel like Sup Forums is trapped in 1997 or something. I could probably hire any NEET off this board for IT security and this would be the first thing they'd think to do. I'm sure there are untold clever attack vectors out there but USB is pretty bush league by now.
Tyler Lopez
>If they have physical access what's stopping them from just taking the whole damn system FDE you moron.
Joshua Reed
do you do pentesting for living? obviously not. stay in school kid.
Gavin Rodriguez
>for living Do you speak English for a living? Stay in Chennai, Pajeet.
Carson Parker
>phoneposter >calling someone else dumb
Angel Cooper
That method hasn't stopped working and it's why high-security system still have all ports closed with epoxy.
Hunter Brown
What is even more terrifying is that any number of your USB devices may have malicious firmware and you have virtually not way to know about it. You may even have such devices plugged into your computer right now. Used hardware and cheapo Chinese USB devices come to mind.
Isaiah Thompson
If someone gets physical access to your machine, you're fucked. That's how it is, that's how it will always be.
You don't even need toys like that, just restart the computer and single user mode and it's yours.
Jace Garcia
>quads of btfo Nice.
Jace Hughes
you can also do mousejacking and just scan for sheep who use vulnerable USB wireless mice from Logitech or other manufacturers. you can hack them in no time. they won't even see a command prompt pop up. you can have fun at coffee shops. ps: doesnt work on BT or apple mice tho.
Michael Parker
> 1000 words per minute But I can only type 65 words/minute
Gavin Price
>If someone gets physical access to your machine, you're fucked. >That's how it is, that's how it will always be. you're a moron. learn what FDE does.
Aaron James
Not an argument. I'm glad my intellect intimidates and upsets you. :^) You shouldn't get mad at the guy who just helped you and the other bumbling brainlets in the threads (a simple "thanks" would suffice), but... well, I've already accepted that the road to greatness is a high and lonely one. Better than being stupid, haha!
Benjamin Ward
How would it do anything without knowing my password? It can't execute any binaries or scripts
Logan Butler
Dumb phoneposter.
Zachary Wood
>you're a moron. learn what FDE does. This thread is about getting access to your device in a powered-on state. Your're are files are decrypted in that state familiapai
Charles Stewart
Again, what the fuck are you gonna do? Randomly click around hoping for something to happen?
Daniel Campbell
I doesn't have CUDA either.
Hudson Collins
They can still plant malware in the UEFI or any other firmware (keyboard controller, mouse, webcam, etc) that will activate once you unlock the PC
Zachary Scott
>incomprehensible gibberish speak English or die.
Isaiah Lewis
not if it's locked.
Kevin Stewart
So every chip running some kind of firmware on your motherboard can be password protected?
Michael Butler
>what is stuxnet
Adam Ward
you're making dumb points. you know exactly what he's trying to say. did you ever study a second language user?
Jack Johnson
Disable them either in hardware or via UEFI. But really, what said. If someone with malicious intent gets physical access, you're fucked anyway.
Dylan Foster
lololol
Josiah Wilson
Anybody with physical access can and will compromise your device.
Angel Powell
>How do you defend against this?
I don't have random fucking people coming into my place to insert shit into my computer, do you?
Jayden Allen
Disable usb keyboards. Use thonkpad keyboard only
Nicholas Miller
If someone has physical access your already pretty much fucked.
Parker Jones
>Get swatted >FBI plug in HID that puts in specific keystrokes instead of collecting laptop for evidence. lmao Why would they do that?
Luke Cooper
Shoot anybody who's in my house
Ayden Russell
>random fucking that was superfluous. no one has ever been to your room, period. #foreveralone
>the wall plug part ameriplugs btfo, schutzkontakt master race!
Angel Hall
this wouldn't work on my computer because I have a live grenade hid under the mobo
Connor Morgan
>ameriplugs btfo, schutzkontakt master race! it's only a bit more difficult... requires destroying the face plate. but in only takes 2 min more and destroys your property.
Colton Miller
You are actually correct. I live in a studio apartment so there is no 'room'. Females have been here though so you're still wrong.
Lincoln Lee
>breaking news: your computer can be hacked if the hacker has physical access to it
Alexander Russell
>Females have been here though so you're still wrong. Landlord and female cops don't count.
Alexander Campbell
>What does Super+L do
The government taught me this shortcut when I worked for them, user. Now you can use it against them.