USB drive-by HID attack – part 1 introduction

This series of posts is about keystroke injection tools disguised as generic USB memory sticks and in particular, the BadUSB Beetle, which cost under £10 and is based on an Arduino Leonardo chip.

They can be used to create easily repeatable demonstrations that illustrate why basic security precautions are so important. For example, they can be programmed to grab stored Wi-Fi credentials and send them to a Google email account within seconds of being plugged in. These demonstrations aim to be real-world examples (i.e. with AV and firewalls running on an up to date Windows 10 PC) and show how an attacker or pen tester might exploit a vulnerability or lapse in security.

Continue reading “USB drive-by HID attack – part 1 introduction”

Demonstrating password strength using Aircrack-ng

This demonstration of cracking WPA or WPA2 passwords using Aircrack-ng is based on the many YouTube tutorials and blogs.

Its purpose is to quickly demonstrate to users how poor passwords are vulnerable. One of the great benefits of using Aircrack-ng in a demonstration is that the user-interface looks just like a scene from a movie.

It is important to note that a number of the steps can be completed before the demonstration starts.

Continue reading “Demonstrating password strength using Aircrack-ng”

Is the media interest in Barts Health Trust cyber attack worse than the cyber attack?

Reporting continues on investigation into a cyber attack at Barts Health Trust, which runs five hospitals in east London.

Initially some reports suggested the Barts had been hit by a ransomware attack, which would have meant malware had encrypted files and the attackers were demanding a ransom to unencrypt. According to some reports the number of ransomware attacks around the world increased rapidly in 2016, affecting a wide range of organisations, including several hospitals.

Continue reading “Is the media interest in Barts Health Trust cyber attack worse than the cyber attack?”