11:00 That is NOT a surefire way to protect your computer from a BadUSB device. Once the attacker realizes that the computer only allows whitelisted devices, it's trivial to spoof the VID and PID of the BadUSB to make it appear as one of the whitelisted devices.
@@Lilyene0 inference of these devices should be pretty easy to find. Social Engineering would uncover a device used on prem, in-person, or even over the phone. one could even go as far as talking to contractors to uncover information with social engineering. This is why security policies should be implemented by IT.
Also if someone suspects that this happened, they could turn their router off or unplug the computer from the network while they reinstall the OS. Sure there are ways to get rid of these things without reinstalling. I just prefer a clean install so I know that I am rid of it and anything else that may have been installed that I did not notice any signs of. It also helps in case the malware is a newer variant that antivirus does not yet recognize. One thing to remember about malware is it can be tricky to pick through and remove all traces. With a clean install you know it is gone and you didn't spend your day searching the registry for it. The other nice thing about a clean install is that some malware reinstalls if you miss any. That doesn't happen with a clean install. Instead you know it is gone.
But once this happened the attacker will have already extracted sensitive information such as passwords stored in the browser, payment information, and encryption keys. None of the remediations you mentioned will fix that.
Be clear about what a "clean install" is. Thinking that you can just run your Windows restore backup is NOT a "clean install". Virus routinely hide inside backup & restore files & you'll simply reinfect yourself over & over if this is the case. A "clean install" means you have a separate introduction to your computer that COULDN'T have possibly of been infected with your current issue. When sophisticated attacks always being thought up, even backups from the cloud & the network can be compromised.
If anyone else has physical access to your machine, or if you run any untrusted code (javascript etc) it is game over. How many times does it need repeating?
I'm one of the lucky people that have had one of these flash drives sent to me from a fake Amazon... I opened it up first thing before doing anything else because the letter that came packaged with it looked sus as hell. If it was just a flash drive with no letter I might have just plugged it into my PC. It had a ESP32 Arduino board in it but I think something went wrong when they flashed it because I got corrupted data when I dumped the firmware. I even tried plugging it into an old laptop when I failed to dump any data from it but it didn't do anything. I've since repurposed it and have used it for various tinkering projects so I'm kinda glad they sent it to me. Because in the end I just got a free Arduino board out of it.
An esp32 arduino board? Esp32's do stuff with wifi (as you probably know since you seem knowledgable on this stuff) if i remember correctly. Not sure why they wouldnt send a duckyscript usb to just use cmd to grab wifi passwords and send it through a webhook rather than try hack it lol, and how were they gonna try send the pcap file? Doubt they would have been able to do much to you even if they flashed it correctly if it was just an esp32
Is the device whitelist enough protection? Isn't there some sort of passthrough bad usb that would have a female usb port on one side thay you would plug in the original peripheral and it would clone its ID and other properties so it would bypass the whitelist?
Nice Video. Unfortunately, even computers without internet (and data) are not safe. There are also USB sticks that contain a capacitor that will destroy your entire PC. So only do this if you know what you are doing.
William Binney, Technical Director at NSA, retired, stated, "When you need to compose a secret message to send through a network, keep it small, 140 characters, and use pencil and paper."
@@shadowe5067 2006 for sale, msrp $600, flip phone that doesn't need a battery to use gps and make phone calls, collecting energy from the air. Good luck unplugging your battery.
Using superglue to "brick" the USB ports is possible, as well as gluing the keyboard and mouse USBs to the PC. (Ofc, it'll make replacing them tricky tho)
11:11 Uhhh you can just easily re-program the vendor ID and product ID on the arduino. If this is supposed to be a cybersecurity education channel, you shouldn't spread misinformation, especially the claim that it is a "perfect solution". Please be better. Edit: Also VID and PIDs aren't exactly secret, there's a public list of them.
I actually made my own to run non-maliciouse code(For a Demo of what these could do).Realistically they are so small I instead grabbed a plug in wired keyboard and directlly connected the micro usb.
Has anyone created a program that disabled the usb slots everytime the corresponding usb was unplugged? And that you had to type in a password to reactivate it?
You can actually change the firmware that runs on a USB stick, this way you can just repurpose generic USB flask drives and program the controller to also expose a HID device when needed!
And no, filtering by device ID is not a failproof way when you inject your own HID devices, you could just pretend to be any other device you wanted or even bruteforce an ID that does work!
I would have designed a dedicated PCB for this and programed it as a USB hub, so there will be a flash drive, and a keyboard in one. The user will think it’s a flash drive and use it as normal and unknowingly inject the malware into multiple devices as they transfer files from one device to another. The malware will do its job behind the scenes with low risk compromising tasks such as fetching personal data which could be sold such as email addresses, and ad data. I don’t think this would be hard to do…. I’ve never done it and I never would, but knowing is possible and how it’s possible is the first step to prevention
maybe you should hide the name of these usbs as I found so much information that a newbie could make an attack on someone by just using a USB. but anyways the video was great and the editing is just one of the best I have ever seen. and btw thanks for making these videos as it helps outers to get better at the security
It's funny how they were trying to hide executed code by blurring but then not hide the cheap ATMEGA microcontrollers. Not to mention the info on how to do BadUSB and even pre-made scripts are available freely on RUclips and other sites. Instead of trying to keep malicious people away (near impossible) they should instead teach people on how to protect themselves better which they did but on very basic level though.
I teach English in China. Chinese software and Chinese computers in a war for domination, it's so convoluted. That's why when a student asked me to scan his semester's worth of homework, I said do it yourself. I installed the printer scanner software on his laptop but it's being blocked by something. Oh well, his problem, not mine.
Yeah, don't know if Eliot meant that specific code, but generally it is possible to get the original code from an arduino after the compilation process. You'll need a few steps to get the HEX, then a disassembler, and finally translate it from assembly to C++
If u are a nobody most probably you will be safe, but if u are a relevant person, lets say an owner of a finance company or some lesser, but still important role… well u could still get somebody trying to make a personal attack on your pc well ur non-typical way has most likely more mistakes and vulnerabilities than a typical windows pc
It is important to state that msiexec is a major security hole, but M$ doesn't give a crap. The best course of action is to replace that executable by a dud.
Can you please make a video about if there is flash drives that already affect your computer after plugging in and then out and still counting as its plugged in using wifi, And if so. Can you please make a video how it looks like or
So lets say I have this Huge plush Enter button that I do not trust since I bought it from Ali Express. How do I put the device under surveillance? Do I have to use a Keylogger to know whats being typed by the device or are there any better methods?
As a gamer It only takes 15 minutes to re-install windows and and a few more for drivers...Run a spring clean/format/ O.S reinstall annually...NO MATTER WHAT. But if i worked fromhome on mah pc , geez what a nightmare.
Because the vulnerabilities in the video werent known by AV companies at the time the attack was being implemented. An AV scan likely wouldn't have detected it.
@@realfun7188 Not really true. Good AV companies invest vast amount of money on global intel, to report, test and provide signatures for dangerous code. The updates happen in real time. It is possible for zero day code to be created that would defeat any AV. Stuxnet would be a good example but this is rare and expensive to create. My question is more about whether the code itself can disable the AV, or function outside of normal AV scanning? That would be very sophisticated & dangerous but I don't think it exists, outside of government agencies. Stuxnet had multiple zero day exploitation code but it has been reverse engineered, added to the signature databases and is no more dangerous now than a kiddie script. It is interesting how computer code is so much like biological DNA.
Problem is it's not a usb drive. It's a usb keyboard or at least it's acting as one and it's automatically typing commands that download and install the malware. As far as the system knows, it's you typing those commands. One way to thwart this is NOT run your computer logged in all the time with administrative or root privilege. Then when it send the keystrokes the system won't allow the commands to execute. Problem solved right there.
Bruh, its a microcontroller emulating a keyboard the pc aint gonna scan a keyboard it just thinks its a regular human typing it its not a flash drive dumbass
USB VendorID and ProductID (VID&PID) even usb_product & usb_manufacturer can be changed at arduino boards "\arduino\hardware\arduino\avr\boards.txt" I can make badUSB look like any USB device, for example Logitech K270 Unifying Receiver
If you don't run logged in as administrator or root by default, would that not prevent the commands from being executed? Installing software require administrative privilege does it not? There ya go! Problem solved and hack thwarted!
Most software can be run without administrator/root privileges. It will not be able to modify system files but could still potentially access or modify your personal data.
@@rafinazmulrafi Here are some steps A) boot up a vitrtual machine. B) have it grab all your input C) it logs all keystrokes (Vbox already does this if I remember correctly) D) ???? E) PROFIT
Yeah, but there's an even easier way to thwart this hack. Don't be logged on with administrative or root privilege when you plug in the usb device. To download and install software should require admin privilege and if you aren't logged on with that level of privilege the commands should be rejected by the OS. Problem solved as simple as that!
Whomever trying to hack defense companies with such a hacked up solution is unbelievably stupid. If I were one of those, I would come up with a flash drive that behaves 100% like a normal flash drive and uses 100% the same circuit so no one would discover it. For instance, inside those flash drives is a programmable USB controller chip (i.e. it has an embedded CPU inside handling USB handshaking and flash initialization, then uses DMA to shuffle the bulk of the data), and a flash memory chip. If I were doing this, I would get a copy of source code of normal program running inside those chips, modify the code so once in a while it secretly attacks once, then revert back to normal operation. I will reprogram a totally normal flash drive with this spiced up code, and deliver it as a gift. Oh, BTW, I would also not choose my method of attack like this. A USB HID is so easy to get recognized. I would exploit buffer handling bugs in the USB driver stack (Ring 0 code is NOT DEP-protected on Windows), then carefully construct malicious USB data packets to inject machine code into the driver stack. This would be really difficult as the driver stack is really well guarded by code reviews, but I'm sure if a major government is to pull this off, they have uncovered 0-days here and there at disposal.
Well, i would have those USB-Sticks for free! There are Arduino Pro Micros in there. They cost around 10 euros. Ill take them for free.. so i can reprogramm them to make them fit for my own Projects. I like to play around and build devices with Arduinos. they are quite useful. especially for small Circuits, which needs an Microcontroller.
In all honesty computers should be locked away where staff can't touch them, if there's usb ports they can reach fill them with superglue. It doesn't matter how many times they are told they will still plug things in and click attachments. I have never had a client get hacked, but I have had systems brought to their knees by stupid staff.
@@Oliver_Atkinson Not all machines allow that for one and it can be all or none, so if you turn them all off you won't have a keyboard or mouse anymore. There's ways to get around disabling them, the easiest way to fix it is superglue. Staff never listen and always mess with things they shouldn't.
I was thinking hot glue, or maybe silicone seal. Superglue the keyboard and mouse so they don't unplug them to use. Remember the good old days when people were afraid of computers...just seeing a punch card would invoke fear, and computer tech was god.
@@MissFoxification I may have some equipment with din connectors, probably lurking around an analog piano tuner (it has a spinning disk with a light behind it). I sold my u-matic video recorders a while back, I think they had din plugs.
whitelists really????? bad actors would just make the device appear to have a know vendor id... who wrote this crap??///? you can contact me, 20 yrs in it, and interview me, this is the worst video ive ever seen
You ARE hackers if you can do these things, WHITE HAT hackers they are called. And hacking doesn't mean something is bad, it's just people that are good at creative uses of technology, just like electronics engineers but more often with software.
Bad USB is not a device. Bad USB is a rootkit itw malware, PoC in 2013. To burry the Bad USB malware discussion, someone invented Bad USB device attacker and overly promotes it. Taking the Hak5 Rubber Duck and rebranding it as Bad USB. WTF.
11:00 That is NOT a surefire way to protect your computer from a BadUSB device. Once the attacker realizes that the computer only allows whitelisted devices, it's trivial to spoof the VID and PID of the BadUSB to make it appear as one of the whitelisted devices.
Wouldn't the attacker need to somehow find out the VID and PID of the whitelisted devices though?
@@Lilyene0 inference of these devices should be pretty easy to find. Social Engineering would uncover a device used on prem, in-person, or even over the phone. one could even go as far as talking to contractors to uncover information with social engineering. This is why security policies should be implemented by IT.
these guys dont really know what they are talking about......these vids are just a way for them to talk you into a service you dont need.
@@Lilyene0yeah
Also if someone suspects that this happened, they could turn their router off or unplug the computer from the network while they reinstall the OS. Sure there are ways to get rid of these things without reinstalling. I just prefer a clean install so I know that I am rid of it and anything else that may have been installed that I did not notice any signs of. It also helps in case the malware is a newer variant that antivirus does not yet recognize. One thing to remember about malware is it can be tricky to pick through and remove all traces. With a clean install you know it is gone and you didn't spend your day searching the registry for it. The other nice thing about a clean install is that some malware reinstalls if you miss any. That doesn't happen with a clean install. Instead you know it is gone.
But once this happened the attacker will have already extracted sensitive information such as passwords stored in the browser, payment information, and encryption keys. None of the remediations you mentioned will fix that.
Be clear about what a "clean install" is.
Thinking that you can just run your Windows restore backup is NOT a "clean install".
Virus routinely hide inside backup & restore files & you'll simply reinfect yourself over & over if this is the case.
A "clean install" means you have a separate introduction to your computer that COULDN'T have possibly of been infected with your current issue.
When sophisticated attacks always being thought up, even backups from the cloud & the network can be compromised.
@@ClickClack_Bam if you dont even know what a clean install is then this vid is well beyond your skills.
Put your computer's ports inside a steel safe
Hot glue into the USB ports and no external devices would be better.
Or fill the ports with building foam, silicone, hot glue, etc., alternatively short the data lines.
Store your data in a black box kept in a data centre not connected to anything. Heck you could even call it the Box 3
Chastity cage
Block them vua windows advanced swttings XD
If anyone else has physical access to your machine, or if you run any untrusted code (javascript etc) it is game over.
How many times does it need repeating?
11:01 That's doesn't matter, it's possible to figure out the vendor ID/Product ID of an allowed device and program on a BAD USB...
I'm one of the lucky people that have had one of these flash drives sent to me from a fake Amazon...
I opened it up first thing before doing anything else because the letter that came packaged with it looked sus as hell. If it was just a flash drive with no letter I might have just plugged it into my PC. It had a ESP32 Arduino board in it but I think something went wrong when they flashed it because I got corrupted data when I dumped the firmware. I even tried plugging it into an old laptop when I failed to dump any data from it but it didn't do anything. I've since repurposed it and have used it for various tinkering projects so I'm kinda glad they sent it to me. Because in the end I just got a free Arduino board out of it.
An esp32 arduino board? Esp32's do stuff with wifi (as you probably know since you seem knowledgable on this stuff) if i remember correctly. Not sure why they wouldnt send a duckyscript usb to just use cmd to grab wifi passwords and send it through a webhook rather than try hack it lol, and how were they gonna try send the pcap file? Doubt they would have been able to do much to you even if they flashed it correctly if it was just an esp32
SumSub is filling the Disrupt sized hole in my heart!
Is the device whitelist enough protection? Isn't there some sort of passthrough bad usb that would have a female usb port on one side thay you would plug in the original peripheral and it would clone its ID and other properties so it would bypass the whitelist?
good idea
Thank you Elliot and SumSub 💯
You’re welcome man!
No malware needed! The protection software is the malware as it make the product so hard to use its unusable. True for most corporate computers.
Exactly! Clicking an extra modal window or entering a secure password is exactly the same as having all of your passwords and financial data stolen.
Nice Video. Unfortunately, even computers without internet (and data) are not safe. There are also USB sticks that contain a capacitor that will destroy your entire PC. So only do this if you know what you are doing.
William Binney, Technical Director at NSA, retired, stated, "When you need to compose a secret message to send through a network, keep it small, 140 characters, and use pencil and paper."
Best way to be safe is not to turn off your phone but unplug the battery
@@shadowe5067 2006 for sale, msrp $600, flip phone that doesn't need a battery to use gps and make phone calls, collecting energy from the air.
Good luck unplugging your battery.
Using superglue to "brick" the USB ports is possible, as well as gluing the keyboard and mouse USBs to the PC.
(Ofc, it'll make replacing them tricky tho)
How would these attacks fair up against immutable OSes?
A simple OS-level fix would be to always inform the user that a new "keyboard" was detected and to stop keystrokes from going through.
11:11 Uhhh you can just easily re-program the vendor ID and product ID on the arduino. If this is supposed to be a cybersecurity education channel, you shouldn't spread misinformation, especially the claim that it is a "perfect solution". Please be better.
Edit: Also VID and PIDs aren't exactly secret, there's a public list of them.
I actually made my own to run non-maliciouse code(For a Demo of what these could do).Realistically they are so small I instead grabbed a plug in wired keyboard and directlly connected the micro usb.
I'd like to use one to automate startup and preconfig of a Live OS
Suppose you have Virus,malware file in your PC and you don't know. Does that also gets backed up to your cloud storage(Onedrive)
What would this attack do on a PC where you are not logged into a admin account?
nearly all video's/articles do not show this.
To my knowledge there would be little to no difference in what could be done.
Has anyone created a program that disabled the usb slots everytime the corresponding usb was unplugged? And that you had to type in a password to reactivate it?
This seems like a good idea and hopefully some programmers who need new ideas for projects take inspiration
That's an interesting concept, haven't heard of anything that's been created like that.
You can actually change the firmware that runs on a USB stick, this way you can just repurpose generic USB flask drives and program the controller to also expose a HID device when needed!
And no, filtering by device ID is not a failproof way when you inject your own HID devices, you could just pretend to be any other device you wanted or even bruteforce an ID that does work!
I would have designed a dedicated PCB for this and programed it as a USB hub, so there will be a flash drive, and a keyboard in one. The user will think it’s a flash drive and use it as normal and unknowingly inject the malware into multiple devices as they transfer files from one device to another. The malware will do its job behind the scenes with low risk compromising tasks such as fetching personal data which could be sold such as email addresses, and ad data.
I don’t think this would be hard to do…. I’ve never done it and I never would, but knowing is possible and how it’s possible is the first step to prevention
10:07 Delayed RCE is such a simple yet checkmate attack!.
maybe you should hide the name of these usbs as I found so much information that a newbie could make an attack on someone by just using a USB. but anyways the video was great and the editing is just one of the best I have ever seen. and btw thanks for making these videos as it helps outers to get better at the security
It's funny how they were trying to hide executed code by blurring but then not hide the cheap ATMEGA microcontrollers. Not to mention the info on how to do BadUSB and even pre-made scripts are available freely on RUclips and other sites.
Instead of trying to keep malicious people away (near impossible) they should instead teach people on how to protect themselves better which they did but on very basic level though.
@@BenjaminHari Because you can just get the same results in one google search.
I recently got into hardware stuff and made similar thing with my Raspberry Pi Pico, "macropad"
cool thing if you like to tinker
I teach English in China. Chinese software and Chinese computers in a war for domination, it's so convoluted. That's why when a student asked me to scan his semester's worth of homework, I said do it yourself. I installed the printer scanner software on his laptop but it's being blocked by something. Oh well, his problem, not mine.
7:20 You sure it's not possible to extract code from arduino?
It can be trivial to extract & disassemble such mcu code.
Yeah, don't know if Eliot meant that specific code, but generally it is possible to get the original code from an arduino after the compilation process. You'll need a few steps to get the HEX, then a disassembler, and finally translate it from assembly to C++
Elliot is minorly lazy and unknowledgeable.
I sat through a sumsub ad! Ill never get that 12 minutes back!
exactly and thats why he gets a thumbs down a reported for misinformation.
You can use a USB data blocker to stop any malicious code been sent to the computer .
There is ways around that 🙂
@@erikslot7023theres no ways when theres no data pins haha
Obscurity over security ;) If you setup your machine in a non typical way, she'd win. How about the intel management hacks?
If u are a nobody most probably you will be safe, but if u are a relevant person, lets say an owner of a finance company or some lesser, but still important role… well u could still get somebody trying to make a personal attack on your pc well ur non-typical way has most likely more mistakes and vulnerabilities than a typical windows pc
It is important to state that msiexec is a major security hole, but M$ doesn't give a crap. The best course of action is to replace that executable by a dud.
What about virtual machine? Are they programed so they escape it?
Can you please make a video about if there is flash drives that already affect your computer after plugging in and then out and still counting as its plugged in using wifi,
And if so. Can you please make a video how it looks like or
So lets say I have this Huge plush Enter button that I do not trust since I bought it from Ali Express. How do I put the device under surveillance? Do I have to use a Keylogger to know whats being typed by the device or are there any better methods?
As a gamer It only takes 15 minutes to re-install windows and and a few more for drivers...Run a spring clean/format/ O.S reinstall annually...NO MATTER WHAT.
But if i worked fromhome on mah pc , geez what a nightmare.
Most decent AV conducts a scan on any connected external drive. Why didn't you mention this?
Because the vulnerabilities in the video werent known by AV companies at the time the attack was being implemented.
An AV scan likely wouldn't have detected it.
@@realfun7188 Not really true. Good AV companies invest vast amount of money on global intel, to report, test and provide signatures for dangerous code. The updates happen in real time. It is possible for zero day code to be created that would defeat any AV. Stuxnet would be a good example but this is rare and expensive to create. My question is more about whether the code itself can disable the AV, or function outside of normal AV scanning? That would be very sophisticated & dangerous but I don't think it exists, outside of government agencies. Stuxnet had multiple zero day exploitation code but it has been reverse engineered, added to the signature databases and is no more dangerous now than a kiddie script. It is interesting how computer code is so much like biological DNA.
Problem is it's not a usb drive. It's a usb keyboard or at least it's acting as one and it's automatically typing commands that download and install the malware. As far as the system knows, it's you typing those commands. One way to thwart this is NOT run your computer logged in all the time with administrative or root privilege. Then when it send the keystrokes the system won't allow the commands to execute. Problem solved right there.
Bruh, its a microcontroller emulating a keyboard the pc aint gonna scan a keyboard it just thinks its a regular human typing it its not a flash drive dumbass
Where can I download these script files and if the attack is possible on Digispark ATtiny85 microcontroller
Yes,I have tested and it works 🎉
Do these softwares run on linux?
Time to watch this video because I feel paranoid
Feel even more paranoid?😂
@@therealb888 yeah but at least now I know to check the back of my computer often
😂😂😂
@@definitelyaraven Lol me too. I knew of this, but a refresher is always welcome.
@@definitelyaraven If somebody breaks into your house and has physical access to your computer, you got bigger problems to worry about than this.
the pico is even cheaper and still very good and i think it supports most OSes
3:20 When did they rename "Device Manager" to "Task Manager"? lol
USB VendorID and ProductID (VID&PID) even usb_product & usb_manufacturer can be changed at arduino boards "\arduino\hardware\arduino\avr\boards.txt"
I can make badUSB look like any USB device, for example Logitech K270 Unifying Receiver
This is old news, new bUSBs can work hundred times flaster and have encrypted memory
I would’ve love to get sent one of those
I am waiting for your video.. 😃😀
If you don't run logged in as administrator or root by default, would that not prevent the commands from being executed? Installing software require administrative privilege does it not? There ya go! Problem solved and hack thwarted!
Most software can be run without administrator/root privileges. It will not be able to modify system files but could still potentially access or modify your personal data.
It's easy enough to elevate to administrative rights from a non admin account if you know what you're doing.
can we check the usb on a virtual machine to see if it is safe to use it ?
Yup
How?
@@rafinazmulrafi Here are some steps
A) boot up a vitrtual machine.
B) have it grab all your input
C) it logs all keystrokes (Vbox already does this if I remember correctly)
D) ????
E) PROFIT
Yeah, but there's an even easier way to thwart this hack. Don't be logged on with administrative or root privilege when you plug in the usb device. To download and install software should require admin privilege and if you aren't logged on with that level of privilege the commands should be rejected by the OS. Problem solved as simple as that!
7:35 Rat= Remote administration tool
Whomever trying to hack defense companies with such a hacked up solution is unbelievably stupid. If I were one of those, I would come up with a flash drive that behaves 100% like a normal flash drive and uses 100% the same circuit so no one would discover it.
For instance, inside those flash drives is a programmable USB controller chip (i.e. it has an embedded CPU inside handling USB handshaking and flash initialization, then uses DMA to shuffle the bulk of the data), and a flash memory chip.
If I were doing this, I would get a copy of source code of normal program running inside those chips, modify the code so once in a while it secretly attacks once, then revert back to normal operation. I will reprogram a totally normal flash drive with this spiced up code, and deliver it as a gift.
Oh, BTW, I would also not choose my method of attack like this. A USB HID is so easy to get recognized. I would exploit buffer handling bugs in the USB driver stack (Ring 0 code is NOT DEP-protected on Windows), then carefully construct malicious USB data packets to inject machine code into the driver stack. This would be really difficult as the driver stack is really well guarded by code reviews, but I'm sure if a major government is to pull this off, they have uncovered 0-days here and there at disposal.
Just disconnect from all networks, Bluetooth included
What can you use to live a normal life without somebody being nosey?
Do you have any really hacking course we want to join
...Or just do not put random usb into computers.
Well, i would have those USB-Sticks for free!
There are Arduino Pro Micros in there. They cost around 10 euros.
Ill take them for free.. so i can reprogramm them to make them fit for my own Projects. I like to play around and build devices with Arduinos. they are quite useful. especially for small Circuits, which needs an Microcontroller.
In all honesty computers should be locked away where staff can't touch them, if there's usb ports they can reach fill them with superglue.
It doesn't matter how many times they are told they will still plug things in and click attachments.
I have never had a client get hacked, but I have had systems brought to their knees by stupid staff.
Just turn off the USB ports (idk if windows can do this, but you can disable them on linux)
@@Oliver_Atkinson Not all machines allow that for one and it can be all or none, so if you turn them all off you won't have a keyboard or mouse anymore.
There's ways to get around disabling them, the easiest way to fix it is superglue.
Staff never listen and always mess with things they shouldn't.
I was thinking hot glue, or maybe silicone seal. Superglue the keyboard and mouse so they don't unplug them to use. Remember the good old days when people were afraid of computers...just seeing a punch card would invoke fear, and computer tech was god.
@@nickv1008 Haha, back in the day when people would ask before plugging something in? Back before plug n pray, I do not miss DIN connections.
@@MissFoxification I may have some equipment with din connectors, probably lurking around an analog piano tuner (it has a spinning disk with a light behind it). I sold my u-matic video recorders a while back, I think they had din plugs.
i thought is was a USB that was bad but in reality it was very bad
His voice is like a narrator from horror film 🥶🥶
Use ghost Linux to reset it
Whitelists won't help, it's easy to spoof the ID
whitelists really????? bad actors would just make the device appear to have a know vendor id... who wrote this crap??///? you can contact me, 20 yrs in it, and interview me, this is the worst video ive ever seen
No cap
why the fuck is the usb connector so janky?
"Attack on a SHUT DOWN Computer" is clickbait, imo. it heavily implies that the attack can work while the PC is off, not waiting until it's turned on.
Technically the injected USB could send a magic packet and wake the computer over “LAN”. But still it would have to mean it’s turned on so yeah kinda
This is a clickbait that can be forgiven
Brother your to genius
Elliot from MR.ROBOT ?
Who knows…
the military presence is here now and will express extreme prejudice🖤👹☠💀
You ARE hackers if you can do these things, WHITE HAT hackers they are called.
And hacking doesn't mean something is bad, it's just people that are good at creative uses of technology, just like electronics engineers but more often with software.
No one can beat you in regard of hacking thank u
Knka turkce altyazida ekle
❤❤
I would be happy if someone would send me one of those overpriced arduino boards. P
So where's the part of the "SHUT DOWN COMPUTER"? Kek. Misleading crap
Hehe
windows lol
If you use a Windows machine you deserve what you get. Windows is trash.
❤
test
Ur name starts with a A
Plus who gives out their real info
Bad USB is not a device.
Bad USB is a rootkit itw malware, PoC in 2013.
To burry the Bad USB malware discussion, someone invented Bad USB device attacker and overly promotes it. Taking the Hak5 Rubber Duck and rebranding it as Bad USB. WTF.
Its branded as Bad USB because he doesn't want to direct traffic to the Hak5 Rubber Ducky