USB drive-by HID attack – part 1 introduction

This series of posts is about keystroke injection tools disguised as generic USB memory sticks and in particular, the BadUSB Beetle, which cost under £10 and is based on an Arduino Leonardo chip.

They can be used to create easily repeatable demonstrations that illustrate why basic security precautions are so important. For example, they can be programmed to grab stored Wi-Fi credentials and send them to a Google email account within seconds of being plugged in. These demonstrations aim to be real-world examples (i.e. with AV and firewalls running on an up to date Windows 10 PC) and show how an attacker or pen tester might exploit a vulnerability or lapse in security.

Continue reading “USB drive-by HID attack – part 1 introduction”

Demonstrating password strength using Aircrack-ng

This demonstration of cracking WPA or WPA2 passwords using Aircrack-ng is based on the many YouTube tutorials and blogs.

Its purpose is to quickly demonstrate to users how poor passwords are vulnerable. One of the great benefits of using Aircrack-ng in a demonstration is that the user-interface looks just like a scene from a movie.

It is important to note that a number of the steps can be completed before the demonstration starts.

Continue reading “Demonstrating password strength using Aircrack-ng”