Updated canaryusb; Now it's possible to use a config file for your DNS canary token and the list of trusted devices; Also added some tests; And added a make install.

https://github.com/carvilsi/canaryusb

Get a mail notification via, Canary Tokens (DNS) when a USB device is connected on a GNU/Linux computer.
Could be useful when you leave the laptop unattended or for a server on a remote location, will not prevent to being breached, but at least you'll notice; this is the principle behind @ThinkstCanary Here we are thinking about removable media threats like #BadUSB or data theft.

#security #hardware

@porkroll Because there is no rational reason they can't deploy #PDFarranger via #SCCM or whatever crutch their #MSP uses [because #Windows doesn't have any good #PackageManager whatsoever]...

It sounds more like #SecurityTheater and I'm convinced that it's trivial to #BadUSB their systems since one can configure the USB-IDs and functionality of tools like the #PwnPi / #PwnPiALOA...

I added some new features to canaryusb, the most nice it's that right now it's possible to provide a list of trusted devices, and if any of these are connected, you'll not receive a notification from #canarytoken

https://github.com/carvilsi/canaryusb

Get a mail notification via, Canary Tokens (DNS) when a USB device is connected on a GNU/Linux computer.
Could be useful when you leave the laptop unattended or for a server on a remote location, will not prevent to being breached, but at least you'll notice; this is the principle behind @ThinkstCanary. Here we are thinking about removable media threats like #BadUSB or data theft.

#security #hardware

Remind me tomorrow to try get that pico to run the rubber ducky script...

I've tried so many times but it never seems to work, regardless of OS.

#raspberrypipico #badusb #pico

@proto Interesting that there's a term for it (https://en.wikipedia.org/wiki/Juice_jacking).

I had assumed it was just a logical analogue/extension of #BadUSB.

#JuiceJacking #USB #Security #USBSecurity

If youre concerned about juice jacking attacks there are a few ways to make power only USB cables, the lowest tech one is take a piece of tape, cover the center 2 pins on the USB-A side of the cable now its power only.
If you trust yourself with a pair of wire snips and some heat shrink you can open the cable up the white and green cables are normally data, snip them, test the cable in a computer make sure you get charge and no data, get the heat shrink on the part of the cable you opened up and reseal it. now you have a for sure data only cable.

Juice jacking while a real risk isnt the biggest one when all is said and done and easily mitigated by carrying a power only cable that is labeled clearly or a USB condom, or just using your own wallwart. The more sinister attacks honestly are the cable based ones like this cable https://hacker-gadgets.com/product/evil-crow-cable-badusb/ there are better made ones you can find out there too that its almost impossible to tell them apart from your normal cables and they can do all sorts of stuff. but all of this assumes someone can physically predict where you are and can do something in physical space

#Security #JuiceJacking #BadUSB

Is Your USB-C Dock Out To Hack You? https://hackaday.com/2023/03/26/is-your-usb-c-dock-out-to-hack-you/ #PeripheralsHacks #dockingstation #SecurityHacks #badusb #dock #usbc

Is Your USB-C Dock Out To Hack You? - In today’s installment of Betteridge’s law enforcement, here’s an evil USB-C dock ... - https://hackaday.com/2023/03/26/is-your-usb-c-dock-out-to-hack-you/ #peripheralshacks #dockingstation #securityhacks #badusb #dock #usbc

Wireless BadUSB with Flipper Zero's Inbuilt Bluetooth! #badusb #flipper #hacking

@xssfox plug in the forbidden USB #badusb #rubberducky

Yeah I got a #flipperzero for Christmas. It’s been hellacious fun so far messing with anything regarding a Wi-Fi signal. Right now I’m running #unleashedfirmware been having a ton of run rocking the #BadUSB attacks. Especially in conjunction with cryptex. Linkie in my about.

#infosec #cybersec #cybersecurity #hacking #

What I've done so far with the Flipper Zero:

1. Infrared - Onboard IR can easily detect, clone, and emulate IR codes. Used this to control a few devices at home.
2. 125 kHz RFID - I've been able to detect, clone, and emulate several 125kHz RFID badges and keyfobs.
3. NFC - I can read, clone, and emulate NFC tags. I cloned one of the ones I wrote earlier that can jump on guest wifi. Emulating it works great to connect to guest wifi on my phone!
4. U2F - Works but I prefer Yubikeys. I'm also wondering if there's a way to do the U2F via NFC instead of USB, which would bring it closer to the Yubikey use case. No FIDO2 though (yet).
5. Sub-GHz - I cloned the signal from my car key to unlock my car, but it caused my car to stop trusting my key and it stopped working. I fixed it by resetting my car and key, but it's risky and might make your key stop working. Don't try it unless you're prepared for that. It could cost you your keys!
6. Bluetooth - Sync'd to the phone and Flipper app and found it a useful addition.
7. Wifi Module - Loaded Marauder and it scans and performs attacks successfully.
8. Alternate Firmware - Tried Unleashed. Works great! I'm looking to try some others to see what they offer. RogueMaster up next.

To Do:

1. iButton testing.
2. BadUSB testing.
3. RogueMaster testing.
4. Test more RFID cards.
5. Test more apps.
6. Level up the Flipper!

#FlipperZero #hardware #hardwarehacking #badusb #rfid #infrared #nfc #wifi #hacking #infosec #security #cybersecurity

Recommended #opensource #USB #protection for #DigitalSelfDefense against #BadUSB on #Linux: #USBGuard

Why? - Block unknown USB devices from #PlugAndPlay · Allow devices temporarily or permanently · Caveats: 1) Does not protect against allowed USB devices with (secretly) re-programmed firmware, #KillUSB or #JuiceJacking. 2) Remember to permanently allow all devices that are currently connected, during installation.

https://usbguard.github.io/

More recommendations: https://tuxwise.net/recommended-software/

Recommended #opensource #USB #protection for #DigitalSelfDefense against #BadUSB on #Linux: #USBGuard

Why? - Block unknown USB devices from #PlugAndPlay · Allow devices temporarily or permanently · Caveats: 1) Does not protect against allowed USB devices with (secretly) re-programmed #firmware, #KillUSB or #JuiceJacking. 2) Remember to permanently allow all devices that are currently connected, during installation.

https://usbguard.github.io/

More recommendations: https://tuxwise.net/recommended-software/

Finished up @Spacehuhn #BadUSB course.

#tails but in rare #xbox360 wireless networking adapter form. I’m going to solder in a green led too eventually. Will post it running shortly but it’s pretty straightforward. The fun part is breaking old stuff and putting new stuff inside of it. #maker #badusb #xbox

First #hackathon just recently ended, and I'm impressed that while half of them were teenagers and that they could create things like #quantumcomputing (and rick rolls). I didn't know what to expect from a hackathon, but it was amazing.

Meanwhile I just made a #badusb with my #pipico.

#infosec lesson from #InsideMan on #Netflix Never take a #usb from no one. Most #frustrated show I have seen in last few weeks.
#badusb

@rolltime that's this #BadUSB everyone talks about?

Heute, in einer Zeit, in der weltweit mehr als 2,5 Millionen Industrieroboter im Einsatz sind, ist die Gefahr durch Angriffe mittels gefährlicher #Schadsoftware über die #USB-Schnittstelle sehr hoch. Die Standard-USB-Speicherschnittstelle an sich bietet nur sehr begrenzte Möglichkeiten die Sicherheit zu gewährleisten. Ein USB-Gerät, das sich gemäß des USB-Standards zu erkennen gibt, erhält im Allgemeinen einen vollen Zugriff auf Teile des Host-Systems.

#BadUSB #USBKiller