Hak5 1023 – Automate Everything, Using Expect and Encrypting One Cloud

[types field=”intro”]


Download HD | Download MP4


[types field=”notes”]


  • BenjaminD.

    Hey Darren,

    could you not just start a linux live-cd (or live-usb for that matter) and then plug in the suspicious usb drive?

    It may be a bit anoying, but I think it is safe.


  • Gord Campbell

    To safely insert a flash drive, in Ubuntu 11.10 go to the top-right corner and click System Settings. Select “Removable Media.” Check the box, “Never prompt or start programs on media insertion.”

  • redxine

    I got thinking of protecting against evil rubber duckies and realised that mass storage isn’t the problem. While it’s relatively simple to prevent FUSE from mounting mass storage automatically, the thing we want is to prevent the “mass storage device” from sending HID events.

    Perhaps setting up a cheap and old box (or perhaps even a little RaspberryPi) with the usbhid module blacklisted (sudo modprobe -r usbhid) to plug a device to check into. A wireshark/usb dump can be done over ssh, et al to inspect the true intentions of the device. It’s a simple way to check for vendor ID, etc. and since it only requires runlevel 3, mouse and keyboard events/attacks can be rendered useless with a repurposed getty input (perhaps just an inkey program that redirects to a file to figure out what said evil rubberducky is up to).

  • AnetteCReinen

    Hi, i think that i saw you visited my blog so i came to “return the favor”.I’m trying to find things
    to enhance my web site!I suppose its ok to use some of your ideas!!

  • VannessaOMcmilleon

    Does your blog have a contact page? I’m having problems locating it but, I’d like to shoot you
    an e-mail. I’ve got some recommendations for your blog you might be
    interested in hearing. Either way, great website and I look forward to seeing it develop over time.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>