Практические атаки на интерфейс USB | Online

Онлайн-доклад про интерфейс USB с демонстрацией инструментов для осуществления атак через него. Проводился вместе с ребятами из хакспейса Нейрон в марте 2020. Материалы к докладу: Твиттер: Сайт: 00:00 Intro 09:52 Agenda 11:28 Part 1: USB 101 21:33 Demo: Sniffing USB with a logic analyzer 27:16 Part 1: USB 101 [cont’d] 40:46 Demo: lsusb and syslog 50:39 Part 1: USB 101 [cont’d] 54:44 Demo: Sniffing USB with usbmon and Wireshark 1:02:54 Part 1: USB 101 [cont’d] 1:03:56 Part 2: USB Attack Surface 1:16:46 Break [and discussion] 1:30:08 Part 3: Linux USB subsystem 1:31:10 Demo: Sending USB control requests with pyusb 1:37:10 Part 4: BadUSB 1:38:16 Demo: Rubber Ducky 1:44:20 Demo: Bash Bunny 2:03:09 Demo: Teensy 2:04:52 Demo: ATTiny85 board 2:06:01 Demo: Cactus WHID 2:09:04 Tomu 2:09:53 BadUSB cables 2:11:33 Custom BadUSB 2:12:13 Break [and discussion] 2:18:33 Part 5: Facedancer 2:21:36 Demo: Emulating USB keyboard with FaceDancer21 2:25:49 Demo: USB reconnaissance with FaceDancer21 2:31:41 Part 6: Linux USB Gadget subsystem 2:35:40 Linux Gadget hardware 2:46:25 Linux Gadget interfaces 2:47:34 Legacy Gadget modules 2:53:49 USB Gadget ConfigFS 3:00:10 GadgetFS 3:04:52 Raw Gadget 3:20:49 Break [and discussion] 3:26:31 Part 7: USB Fuzzing 3:41:49 Demo: Dummy HCD/UDC 3:46:04 Part 7: USB Fuzzing [cont’d] 3:48:00 Demo: Crashing Linux Over USB 3:51:19 Demo: Crashing Windows Over USB 4:02:48 Part 8: USB Sniffing 4:04:11 OpenVizsla 4:11:23 Demo: Sniffing USB with OpenVizsla 4:16:44 USBProxy ’Nouveau’ 4:18:14 Demo: Sniffing USB with USBProxy ’Nouveau’ 4:21:47 Hardware keyloggers 4:22:20 Demo: Logging USB Keyboard with AirDrive Keylogger 4:23:56 Hardware keyloggers [cont’d] 4:25:34 Part 9: Defensive 4:29:02 Epilogue