I remember people used to just directly access memory passing through badly done USB chips and IEEE1394. Was mostly solved years ago of course, except for Apple hardware.
there are basic things you can do to bypass this as BadUSB attacking is just a pre written code which would mimic a bunch of key presses so if you had a pre installed software that would do the exact same type of thing as the BadUSB then it would stop it for example you could have some code running that presses the F key every few seconds or the right arrow key and there can be a toggle switch that disables this when you are typing stuff on your PC or when you are playing games or whatever
For the average user, instead of using the registry maybe it's better to advise them to install something like Penteract Disguised Keyboard Detector which would lock the screen when any keyboard is connected.
TIL the windows registry has documentation. Though, admittedly, I don’t think I ever thought to check… “Don’t touch anything else” is definitely good advice given the nature of the tutorial 😬
Alternatively to the last one, just keep a separate Admin account to your normal account. That way you can guarantee that you will always be prompted for an admin password.
Love your products! I've purchased everything up for sale to this date and highly recommend them to anyone looking to buy products listed on his website! :D
Got any way to lock out "USB Killer" attacks? They're basically devices which deliver an electrical attack through USB port - they don't want to access data, they want to kill hardware. It's always possible to harden USB ports with built-in isolators and breakers - but that adds cost and bulk and latency, and it's just not a feature on consumer devices. It seems smarter to completely deny all enumeration which isn't explicitly requested or permitted - screw being exploited by USB specifications, simply cut off all power to the port(s).
WiFi deauther? Can’t you just send deauth packets with that Aircrack-ng program? Or is there a difference between software and that piece of hardware..? :)
Would be useless on a *nix system unless purposely targeted; most people have different shortcuts, there aren't "default" shortcuts. Furthermore, you can't really do much damage without root access on a properly configured system
Wait... What if we use all three of these protections!??! That might seem a little overkill, but trust me. Why do you have not only locks on your doors, but a security system too?
Can you run a program in the background that just pops up a simple confirmation(one that you can change and the attacker would have to guess) in order to allow keyboard access on new plug in? It could even be a simple math problem that is dynamic. "1+2=?"
Sorry to be pedantic but couldn't we indulge in an arms race and use the bad usb to power up the registry, change the admin command prompt level back to 5 and then get a command prompt up?
duckhunter can just be taskkilled from the cmd prompt though? Maybe make the ducky script run slow in the beginning until it kills the duckhunter process, and then whizz away with your lorem ipsum.
Interesting topic, I'd like those video on securing our systems. I was a linux user since the late 90s but always had a dual boot, since windows 10 I now run only linux because I can't trust windows enough, since you are running it a video with some advice on how to properly secure it from potential problems and from microsoft itself would be very appreciated, thanks!
there are many ways to protect yourself one of them is to take out all of your usb ports and install 2 or 3 pcie serial cards cons slow and compatibility on some things pros db9 connectors are really robust its on pretty much every computer from 1965 to now and you can run insanely long cables using amps to boost the signal every so often but you would probably be better off just not letting people plug stuff in
Hi and good day to you. What if you are using Windows 10's Hello biometric feature, would changing the ConsentPromptBehaviorAdmin registry key still work since there is no password already involved? Thank you in advance for answering. P.S. Thanks also for the Ctrl+Shift+Enter shortcut key for accessing the Command Prompt in Admin mode. That was new to me. 🙂
This looks promising.. gpedit.msc > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions > Prevent installation of devices not described by other policy settings
Linux allows you to have a whitelist system where hardware you have not specifically whitelisted just will not function, it'll get power but that's it, so unless your system is already compromised and the attacker managed to whitelist the BadUSB, your system is immune to BadUSB. Though, if an attacker already has access to your system to the point they can modify udev rules, what's the point of BadUSB? wiki.gentoo.org/wiki/Allow_only_known_usb_devices
On Windows, isn't it best practice to have an "admin" account and a "use this for literally anything" account? So it asks for the admin's password by default?
Affects Windows and mac but doesn't affect Linux as it doesn't do autoplay from usb devices, won't be able to run its own scripts as it won't have permission and won't have permission to do anything or do anything as root
when I get an unknown keyboard connected I just silently sync the vital data and start erasing my storage. Same if someone opens the case or moves it while powered on
Well, if they can connect USB to your computer, that means you are not there to stop it. In that case, the computer is not locked, can't they just use the keyboard??
Average person types at 40 words per minute. The rubber ducky can do around 1000 words per minute. This lets you pre program complex scripts that can be executed automatically in just seconds when you plug it into someone’s PC
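The speed gap this comment describes is what a keystroke-timing check can use to tell injected input from typing. The following is an added example, not code from the video, the commenters or any tool named in the thread; the 5-characters-per-word conversion, the 30 ms threshold, the 10-gap window and all sample timings are assumptions constructed for illustration.

```python
from collections import deque
from typing import Iterable, List, Optional

CHARS_PER_WORD = 5  # typing-test convention; an assumption, not from the thread


def wpm_to_gap_ms(wpm: float) -> float:
    """Average time between keystrokes, in ms, at a given words-per-minute rate."""
    return 60_000.0 / (wpm * CHARS_PER_WORD)


class KeystrokeRateMonitor:
    """Flags input whose average inter-key gap over a sliding window is too short.

    Averaging over a window (instead of testing single gaps) keeps an
    occasional fast key roll by a human from raising an alert.
    """

    def __init__(self, threshold_ms: float = 30.0, window: int = 10):
        self.threshold_ms = threshold_ms      # assumed cut-off, roughly 400 wpm
        self.gaps = deque(maxlen=window)      # most recent inter-key gaps
        self.last_ts: Optional[float] = None

    def feed(self, ts_ms: float) -> bool:
        """Record one key-down timestamp; return True if the window looks injected."""
        if self.last_ts is not None:
            self.gaps.append(ts_ms - self.last_ts)
        self.last_ts = ts_ms
        if len(self.gaps) < self.gaps.maxlen:
            return False                      # not enough evidence yet
        return sum(self.gaps) / len(self.gaps) < self.threshold_ms


def first_alert(timestamps_ms: Iterable[float], **kwargs) -> Optional[int]:
    """Index of the first keystroke at which the monitor alerts, or None."""
    monitor = KeystrokeRateMonitor(**kwargs)
    for i, ts in enumerate(timestamps_ms):
        if monitor.feed(ts):
            return i
    return None


def from_gaps(gaps_ms: List[float]) -> List[float]:
    """Turn a list of inter-key gaps into key-down timestamps starting at 0."""
    ts = [0.0]
    for gap in gaps_ms:
        ts.append(ts[-1] + gap)
    return ts


# Constructed sample streams (not captured from real devices).
HUMAN_GAP = wpm_to_gap_ms(40)       # 300 ms between keys
INJECT_GAP = wpm_to_gap_ms(1000)    # 12 ms between keys

HUMAN = from_gaps([HUMAN_GAP] * 39)
HUMAN_WITH_ROLL = from_gaps([HUMAN_GAP] * 5 + [8.0] + [HUMAN_GAP] * 14)
INJECTED = from_gaps([INJECT_GAP] * 39)
MIXED = from_gaps([HUMAN_GAP] * 20 + [INJECT_GAP] * 29)  # typist, then a device

if __name__ == "__main__":
    for name, stream in [("human", HUMAN), ("human+roll", HUMAN_WITH_ROLL),
                         ("injected", INJECTED), ("mixed", MIXED)]:
        print(f"{name:11s} first alert at keystroke index: {first_alert(stream)}")
```

A rate check only sees speed, so a device that types at human pace passes it; it belongs alongside the account separation and device-installation policy discussed in the thread, not in place of them.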
Can a rubber ducky be used to install a reverse shell on a pc/lap ? and can this last modification to value data 1 prevent future access, months after the reverse shell had been installed ? would appreciate any advice
I am sure there is a way to disable all devices from connecting via USB except for a specific type of keyboard and mouse (I don't know how but I know this is possible because a few years ago when I was in high school (I left high school in 2013) we couldn't even plug any foreign devices in to school PC's without them being the exact same type of keyboard and mouse the school was using and only one of each and sometimes you couldn't even use the damn things if they had become unplugged during usage like PS/2 keyboards and mice do)
Check out my new store! Your one stop Hacker Hardware Shop! ==> maltronics.com
I asked my grandad for a malduino before I came to this channel. In fact this is my 1st video
Seytonic, work on how to jam Bluetooth so I can shut up all the car thumpers.
@@Un_Pour_Tous In the Katana Framework there is a toolkit called Websploit. After you install check out your hciconfig and then run websploit.
$ hciconfig
$ hciconfig hci0 up
$ hcitool scan (find the target device)
$ websploit
$ show modules
$ use bluetooth/bluetooth_pod
$ show options
$ set bdaddr 00:00:00:00:00:00 (device mac)
$ run
[+]Bluetooth Ping of Death in progress....
Steve, yes I have used this on the RPI3. But the Ping of Death has no effect on modern bluetooth devices.
May I suggest a different solution? Use Linux! You can't do anything malicious on a Linux system unless you know the root or sudo password. A USB stick with text/kb commands won't do diddly squat.
just fill your usb ports with cement
You say that as a joke, at work just a few days ago, we actually filled a USB port with epoxy resin to prevent people plugging into it (but only because it was broken, not because of badUSBs)
@@2000jago r/woosh
@@pastasam4069 Yep. Super glue in the keyboard and mouse, and fill the rest with epoxy. It is a tried and tested solution to the problem.
Richard Smith But what do you do when someone inevitably spills coffee all over the keyboard? (Trust me this has never happened to me... I promise!)
@@adamthomas6643 Splice the cable. Pain in the ass, but enough of a pain that people couldn't get away with it without drawing too much attention to themselves.
"Just like heroin!"
~Seytonic
To be fair, he does look a little like Tommy from trainspotting 😂
Seytonic: Prevent badusb attacks!
Also Seytonic: buy my badusb!
😊
Buy my flamethrowers! Buy my fireproof suits!
@@SendyTheEndless so you don't burn yourself with the flamethrower
In order to test that you've successfully protected yourself.
so you can get revenge
Seytonic: I play both sides, so I always come out on top!
It's awesome how transparent you are
Come back out of his ass again now
It's simple, rename CMD to something stupid that you can remember. Replace the original CMD with a keylogger. This technique is commonly used against scammers who try to syskey systems, where they replace syskey with a program that looks identical but actually just logs the password they input.
I'm glad you taught me about turning Command Prompt into a password-required thing. That's insanely useful.
A simple solution (particularly for public computers) would be to have the computer immediately lock down if it detects a second keyboard has been attached. Under normal circumstances, there's no reason for a computer to have two keyboards plugged in at once, particularly if the second keyboard was attached after the first.
some mice act as a mouse and keyboard due to their programmable buttons. any gaming mouse would almost certainly trigger this
Only use PS/2 keyboards and deactivate the usb keyboard drivers
@@irgendwerirgendwo9095 making a PS/2 rubber ducky wouldn't be difficult either, just limiting the protocol in use wouldn't really improve security much
@@down2006 I can't deny that.
But here's my point: Let's assume that a malicious actor were to disguise a rubber ducky or a similar device as a normal USB drive. Anyone without the knowledge of such devices existing would automatically assume that it is a normal USB drive and eventually plug it into a computer.
If it were a "PS/2 drive" they would be suspicious, because only keyboards and mice are using PS/2 ports, but no other device. They would also have to unplug a mouse or keyboard before using the drive, which should set off some mental alarm bells. Many motherboards also have labels (or something similar) next to the PS/2 port and if you plug a drive into a port labeled for keyboards, then I'd assume that either you can't read or you're doing it with bad intentions or you're extremely curious.
0:33 *HOLY GOD I NEVER KNEW TO OPEN THE CMD IN ADMINISTRY MOD IS CTRL+SHIFT+ENTER THX*
Windows r.. cmd 😂👌
Lol
@@KeiranR that will not open it as admin
@@DamienPup WIN + R "CMD \admin" ez
Win+X, A, left arrow key, enter
"kind of like heroin" - Seytonic 2018.
Fuqin' epiq!
Disable all usb in bios but mouse, keyboard, and add policy to not accept any new devices that need installation. You can verify it by plugging new mouse or new keyboard from other vendor, it won't work.
Rubber Ducky can mimic vendor IDs so a real attacker will do due diligence.
won't*
You can't disable input pre-bios. With enough patience no matter what you do there will be a vulnerability. Perfect security can't exist.
@@jacobteel2419 use same keyboard vendor, update policy remotely?
4g0tt3n Sou1 Well, if the attacker has physical access for a long enough time (at most 30 minutes if your computer is slow), it’s already game over for you.
The only YouTuber with useful merch
Lol. Why is there Vodka in the background?
Greetings from Germany.
Leon.
I realised that when editing the video 😂 It's nougat flavour vodka - delicious.
What do you mean "Why"?
The man just said NO heroin, so...
He is hiding the heroin in it (yes you can drink that)
in Canada that would be maple syrup
You actually pointed out a point of bias... darn. People like you are a rare species these days. Respect.
"MAC USERS YOU HAVE NOT ESCAPED THIS ONE!"
HAHA THAT MADE ME LAUGH
But Linux users have :D
Even Linux users are affected by badusb.
@@russellmania5349 it can type but can't do sudo ...
yet.
@@H3wastooshort Not "yet" never, you can't type escalated commands without knowing the password.
Bottle of alcohol in the background + BadUSB are like heroin = Family Friendly
Stop right there!
No content police here!
Seytonic: shows us how to avoid badUSB attacks
Also Seytonic: sells badUSB devices
Logic 100
Love how Seytonic is clear and gets to the point in his videos! Keep up the good work mate!
here is what I tell my less techy friends and family members
"NEVER let anyone get physical access to your computer"
Unless you're a specific target of course. If you're a specific target, the BadUSB may be configured in such way it already knows your settings. The attacker may be profiling you for some time, literally stalking you and watching you without you knowing it. They might then learn about what OS you have installed on your computer, or if you use a virtual machine mostly, what's your behaviour, if you lock your computer when you're away, etc. They might then start figuring out your password, collect your biometric data (try to capture your fingerprint, reconstruct your face, etc.) - Once they have everything settled, they might prepare few variants of the same script, and most likely install a reverse shell on your system using BadUSB. That is a very specific attack that targets you and you only. Can you protect yourself somehow? I don't know. Are you likely to be a target of that specific attack? Not much. That depends on how important your position is. Being a youtuber doesn't make you likely to be target of such attack. Being a highly ranked diplomacy officer surely makes you very likely to be a target of a specifically crafted spear attack. People on diplomatic missions need to be secured all the time. Once their security relaxes for a while, they're a weak spot and such attack is very much possible, depending on how much time that person is unattended by his security. Not only them, their devices have to be secured, too.
The last suggestion was a good option. Also if you have a Windows edition with group policy, you may block all un-whitelisted usb devices.
Switch to PS/2 and uninstall usb drivers.
Right, because it's so difficult to solder a PS/2 connector in place of the USB connector and reflash my device of choice to communicate with the PS/2 protocol. Thanks for the security!
@@Shit_I_Missed. or just buy a 2 dollar usb to ps/2 adapter lol
@@Jacob-rt6on (and delete usb drivers*)
@@fullcode7600 not like they won't be reinstalled with literally almost any update. Windows updates, software updates, firmware updates after plugging in a device.
There is an option in device manager to turn hardware off. That is what you mean. But good luck using your PC / laptop without USB. Sure it’s possible but it will be a daily pain in the ass.
"You're a few keys away from admin privileges"
These keys being my dad's password, the attacker would have to be *_good_*
Almost all hacks rely on privilege escalation, I'm surprised Windows 7/8/10 does not prompt for a password for Administrator rights by default.
That's because you set up your account with admin privilege when you install Windows. If you then make a user account, it will have to escalate and prompt for admin password whenever it needs it. But you have to do this manually and you don't do it because you can't be bothered (me included), where I think, GNU/Linux has much more strict permission management.
@@vdochev Also OSX, so it's more a Unix thing rather than just Linux
Privilege escl. Is a problem on nearly all modern devices.
Any AD environment should not allow users to have Admin rights.
Thank you for the ConsentPromptBehaviorAdmin advice. I changed that immediately! Every sudo or GUI-based system change on Linux asks for the password by default, but Windows? Password is Left Arrow Key? Certainly, carry on!
Ooooh, vodka on the table XD
Pour it, I'll keep you company!
Look who's here))
Whoa
Is this for an unattended computer?
Or...does someone need to be signed in as admin?
Only one problem with the last one.
If you can get into regedit with the keyboard, then it could just get into it and change the value to 5, then answer the yes/no prompt and deliver all the code it needs to.
Yes, it may stop a few BadUSB's, but a smart hacker could get around this solution.
The most secure option is DuckHunt, but if a hacker really knew how to optimise code and had a little bit of knowledge about your computer files prior, it may be able to open task manager and shut it down, if the hacker knew the user used DuckHunt. Mind you if they had literal access to the computer, they probably wouldn't need to use a BadUSB. However this outcome is very unrealistic.
Overall, DuckHunt is probably the most secure option.
You can also disable USB ports when you know you will be around crowded space with regedit
Did he leave that out on purpose?
Usually can also be disabled in BIOS/Setup
Great! No annoying background music.
this saved me so much because I (stupidly) left my friends alone with my PC. We picked the BadUSB’s up to play with each other and they plugged it in and tried to delete the operating system and since I had the paranoid option enabled, it only got into settings before it was stopped tysm I need new friends haha
you can just fill your USB ports with epoxy glue
hol’ up
Well here is the other problem. People are using their administrator accounts as user accounts. What people need to do is have a separate admin account and use a non-admin account as their user account and they wouldn't run into these problems in the first place.
It's basically a design problem. Windows gives user admin rights (with the prompt as "security" measure) as long as no admin account is registered. And Windows doesn't create a separate Admin account while installing itself. The reason is easy: It is easier for the user that is not IT literate. On the other hand trading security for ease of use was a bad idea. The whole Indian Microsoft scam scene is based on the problem that windows admin or system privileges are obtainable through keyboard inputs.
You're better off just remapping your keyboard shortcut to terminal/powershell/cmd. Pretty much every script has that as the first thing to accomplish anything so remapping it will stop it dead in its tracks, unless an attacker targets you specifically and already knows what you swapped it to.
at 1:20 you faded into your next frame to avoid a jump cut and for that you have my admiration
My thought is a software fix in the driver that connects to your USB.
Reprogram it so that whenever a new keyboard is attached it demands a password to be entered on any keyboard that is already attached.
on some computers you can disable USBs in the BIOS. If they aren't being searched then they aren't going to work.
GPE's (Group policies editor) - Is another rather efficient way to block the bad usb attacks in an organization, granted it won't stop it all either, it will only mitigate it, if someone has unfettered access to a computer on a network, all they'd have to do is have a few minutes to themselves, go in and run the badusb's script/payload.
It is definitely best to disable all of that, and have a trusted user at each 'location' click on each file/run it to further mitigate the badusb potential. - Defense in depth, for the win. :)
Whether you trust your co-workers/"worker bees" aka the front line or not, it is indeed best practice to prevent the installation of foreign software/scripts, as well as auto run on all computers in a network. - You never know when some random joe/sally might see hmm... that computer is being left unattended... let me see if I can get anything from it with this badusb/my other skills!
Well as far as I know the registry does not require an admin password to be changed. A badusb could just as default set the key to 5 and then run its stuff in the command prompt.. I really don't know what the best way is to stop attacks other than fill up the ports with goo.. :)
Crazycatsbackboi , what user in what environment would you do that to? Office users? They have the need always to plug all kind of stuff into the usb. And how will you disable the usb in windows? And then again enable it when your users need it?
Of fucking course you need privilege escalation to even touch the registry. Your misconception is that the first user on the machine starts as a user as opposed to an admin. The very first account starts off with admin, so you'd either need to enable the administrator account that is inactive by default and remove your own permissions, or USE YOUR HEAD like everyone else.
I never bring my computer out in public ever. I have an encrypted VNC to my iPad. The only thing you can't do is play games (very well).
Also having a couple Raspberry Pis laying around is a good $20 alternative to plugging in a random USB to see what is on it.
Thank you for showing me that method for password-protecting UAC! I thought the only way to do that was to make another user profile, which I didn't want to do. I guess I don't have to!
Though those have their own flaws (like the last one, which can be disabled through Regedit also, if the hacker is diligent enough), I may propose another fix: make 2 different users (admin and standard).
This standard user will need admin password every time they want to access system-critical functions, so it's actually safer, and useful for office.
Just my 2 cents :)
The only thing you can do is mitigate the attacks of bad usb.
This guy is LEGIT!! Thanks!!✌️
Thanks for that Registry tip. I noticed it works for PowerShell also, good to know.
The last deal-breaker for Duck Hunter will be its incompatibility with U2F security keys (e.g. YubiKey), mostly because these keys operate on the same basis, by using HID devices...
I am not a computer security expert, but I think physical security to the room / office where the computer(s) in question are located is just as important (like how server rooms are protected), locking your doors when leaving that room / office is just as important. Also most hacks do not come from outside forces, they are actually initiated by experienced techs and crooked / bitter admins who already know the ins and outs of that environment, it is analogous to (how we tend to hurt the ones we love), corrupt cops sabotage the gov that employs them by dealing with criminals, and they are the crime 'admins', so another layer of defense may be to implement systems that track all user activities regardless of authorization, key-log everything they do, use a UTM like Sophos to document their every move while in the building and read the logs yourself or have the UTM / key-logger send you immediate alerts should there be dangerous activities going on outside of work interests. In addition using these tips from the community and experts would not make it impossible to hack your computer systems, but definitely would deter a large percentage of the set of possible ways to hack or sabotage them... just my opinion
I remember people used to just directly access memory passing through badly done USB chips and IEEE1394. Was mostly solved years ago of course, except for Apple hardware.
A little bit of work on Microsoft's side to somewhat randomize the UAC prompt would filter out most of the most dangerous attacks.
I have an old Apple Xserve and that has a security lock that will block all usb devices plugged in when locked.
There are basic things you can do to bypass this, as BadUSB attacking is just a pre written code which would mimic a bunch of key presses, so if you had a pre installed software that would do the exact same type of thing as the BadUSB then it would stop it. For example you could have some code running that presses the F key every few seconds or the right arrow key, and there can be a toggle switch that disables this when you are typing stuff on your PC or when you are playing games or whatever.
For the average user, instead of using the registry maybe it's better to advise them to install something like Penteract Disguised Keyboard Detector which would lock the screen when any keyboard is connected.
Thank you for your website myaan😍
Was wondering from a while finally got it..🤘🤘
Thanks For the Admin Setup Saves Any Risks :) Great Content
Thank you very much, I didn't expect a simple registry hack to work.
TIL the windows registry has documentation.
Though, admittedly, I don’t think I ever thought to check…
“Don’t touch anything else” is definitely good advice given the nature of the tutorial 😬
Alternatively to the last one, just keep a separate Admin account to your normal account. That way you can guarantee that you will always be prompted for an admin password.
Love your products! I've purchased everything up for sale to this date and highly recommend them to anyone looking to buy products listed on his website! :D
Got any way to lock out "USB Killer" attacks? They're basically devices which deliver an electrical attack through USB port - they don't want to access data, they want to kill hardware.
It's always possible to harden USB ports with built-in isolators and breakers - but that adds cost and bulk and latency, and it's just not a feature on consumer devices.
It seems smarter to completely deny all enumeration which isn't explicitly requested or permitted - screw being exploited by USB specifications, simply cut off all power to the port(s).
I spent my British pounds on a Malduino and Wi-Fi deauther, are you proud of me?
WiFi deauther? Can’t you just send deauth packets with that Aircrack-ng program? Or is there a difference between software and that piece of hardware..? :)
@@weeb3856 there is a big difference
CS: GOPNIK what’s the difference?
Would be useless on a *nix system unless purposely targeted
most people have different shortcuts, there aren't "default" shortcuts
furthermore you can't rly make much damage without root access on a properly configured system
"on a properly configured system" - a legendary creature, rare as the earth is round
Wait... What if we use all three of these protections!??! That might seem a little overkill, but trust me. Why do you have not only locks on your doors, but a security system too?
You can also adjust the UAC behavior to ask for a password in the control panel. No need for the registry spelunking.
You inspire me a lot, I bought also a malduino elite!
Best defense against a rubber ducky is duck-tape.
Can you run a program in the background that just pops up a simple confirmation (one that you can change and the attacker would have to guess) in order to allow keyboard access on new plug in? It could even be a simple math problem that is dynamic. "1+2=?"
Sorry to be pedantic but couldn't we indulge in an arms race and use the bad usb to power up the registry, change the admin command prompt level back to 5 and then get a command prompt up?
Thank you! Extremely valuable information.
duckhunter can just be taskkilled from the cmd prompt though? Maybe make the ducky script run slow in the beginning until it kills the duckhunter process, and then whizz away with your lorem ipsum.
Interesting topic, I'd like those videos on securing our systems. I was a linux user since the late 90s but always had a dual boot, since windows 10 I now run only linux because I can't trust windows enough, since you are running it a video with some advice on how to properly secure it from potential problems and from microsoft itself would be very appreciated, thanks!
There are many ways to protect yourself. One of them is to take out all of your usb ports and install 2 or 3 pcie serial cards. Cons: slow, and compatibility on some things. Pros: db9 connectors are really robust, it's on pretty much every computer from 1965 to now, and you can run insanely long cables using amps to boost the signal every so often
but you would probably be better off just not letting people plug stuff in
Hi and good day to you. What if you are using Windows 10's Hello biometric feature, would changing the ConsentPromptBehaviorAdmin registry key still work since there is no password already involved? Thank you in advance for answering.
P.S. Thanks also for the Ctrl+Shift+Enter shortcut key for accessing the Command Prompt in Admin mode. That was new to me. 🙂
Detect a USB device not in your whitelist. Instantly lock the machine and lock your bitlocker volumes.
Here's an idea: Maybe make a program that when a new keyboard is added, it requires that you type a random password/pin it shows.
Yup, i had that idea too. Shouldn't be too hard
Well it doesn't ask you for a pin because I was too lazy but it asks you to press Control+Alt+Delete. I might add a pin in the future
Like when Bluetooth asks you type a random code when connecting new keyboards.
this guy is my hero! awesome knowledge
Don't run your computer in admin account, helps a lot too. You can type in admin password when u need to do something admin related.
So "BadUSB" has been co-opted from being a specific USB firmware vuln to an umbrella term that encompasses anything bad that can be done with USB?
It's a bad idea to use win 10 admin account as daily driver? If one doesn't have to, of course. Very nice and honest video, right here!
If you have Windows Hello, putting option 1 in the UAC will also let you use that?
Wow. "Prevent". Bold words. You'd save face by changing that, unless you somehow invented perfect security.
@cgwworldministries A) Show us proof. B) You are completely wrong.
I'm totally not gonna annoy my bf with bad copypastas on loop playing at max volume
Good Olden days when we didn't have to see your face!!😂😂
This looks promising..
gpedit.msc > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions > Prevent installation of devices not described by other policy settings
on some laptops you can disable usb's in bios
Linux allows you to have a whitelist system where hardware you have not specifically whitelisted just will not function, it'll get power but that's it, so unless your system is already compromised and the attacker managed to whitelist the BadUSB, your system is immune to BadUSB. Though, if an attacker already has access to your system to the point they can modify udev rules, what's the point of BadUSB?
wiki.gentoo.org/wiki/Allow_only_known_usb_devices
Sometimes powering a device causes enough damage.
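The allowlist decision described in the comment above, sketched as an added example (not code from the video, the Gentoo wiki, or any tool named in this thread). It simulates the authorize/block choice over constructed plug-in events; `UsbDevice`, `decide`, the action names and every vendor/product/serial value are hypothetical, and only the interface class codes (0x03 HID, 0x08 mass storage) are real USB values.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

HID, MASS_STORAGE = 0x03, 0x08  # USB-IF interface class codes

@dataclass(frozen=True)
class UsbDevice:
    vendor: str
    product: str
    serial: str
    interface_classes: FrozenSet[int]

# Key: (vendor, product, serial). Value: the interface classes recorded
# when the device was enrolled. All IDs below are constructed samples.
ALLOWLIST: Dict[Tuple[str, str, str], FrozenSet[int]] = {
    ("1111", "0001", "KBD-0001"): frozenset({HID}),
    ("2222", "0002", "STICK-42"): frozenset({MASS_STORAGE}),
}

def decide(dev: UsbDevice, allowlist=ALLOWLIST) -> str:
    """Return 'authorize', 'block' or 'block-and-lock' for a new device."""
    enrolled = allowlist.get((dev.vendor, dev.product, dev.serial))
    if enrolled is None:
        # Unknown hardware: a new keyboard is the case worth locking on.
        return "block-and-lock" if HID in dev.interface_classes else "block"
    extra = dev.interface_classes - enrolled
    if extra:
        # Known IDs but new capabilities, e.g. a storage stick that now
        # also presents a keyboard: treat it as no longer the enrolled device.
        return "block-and-lock" if HID in extra else "block"
    return "authorize"

# Constructed plug-in events, in the order they are evaluated.
EVENTS = [
    UsbDevice("1111", "0001", "KBD-0001", frozenset({HID})),
    UsbDevice("2222", "0002", "STICK-42", frozenset({MASS_STORAGE})),
    UsbDevice("2222", "0002", "STICK-42", frozenset({MASS_STORAGE, HID})),
    UsbDevice("3333", "0003", "", frozenset({HID})),
    UsbDevice("4444", "0004", "X", frozenset({MASS_STORAGE})),
]

def run(events=EVENTS):
    """Evaluate every event and return the list of decisions."""
    return [decide(e) for e in events]
```

Vendor, product and serial strings are reported by the device itself, so the allowlist is one layer; comparing the enrolled interface classes is what catches a known device that starts presenting a keyboard.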
For the duck hunt, the hackers may just go on task manager and end it.
Might not be great.
thank you, you saved my life
0:16 Improvise. Adapt. Overcome
If I ever buy something like this, you know I’m about to rickroll someone
On Windows, isn't it best practice to have an "admin" account and a "use this for literally anything" account? So it asks for the admin's password by default?
yes, but almost no one does that. Doing the registry trick he mentioned though is probably just as good.
Excellent video well done keep the good work up.
As I've once heard, prevention is better than cure
so if you want to prevent bad usbs then have no usb ports in the first place
case solved
Affects Windows and mac but doesn't affect Linux as it doesn't do autoplay from usb devices, won't be able to run its own scripts as it won't have permission and won't have permission to do anything or do anything as root
When I get an unknown keyboard connected I just silently sync the vital data and start erasing my storage. Same if someone opens the case or moves it while powered on
Wow that is next level.
Well, if they can connect USB to your computer, that means you are not there to stop it. In that case, the computer is not locked, can't they just use the keyboard??
Average person types at 40 words per minute. The rubber ducky can do around 1000 words per minute. This lets you pre program complex scripts that can be executed automatically in just seconds when you plug it into someone’s PC
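The speed gap in the comment above is what timing-based keystroke-injection detectors key on. An added example, not from the video or from any tool named in this thread: it converts the 40 and 1000 words-per-minute figures into per-key gaps and flags a sustained run of implausibly fast keystrokes. The 5-characters-per-word convention, the 30 ms threshold, the run length of 8 and both sample traces are assumptions chosen for the illustration.

```python
from typing import List, Optional, Sequence

CHARS_PER_WORD = 5  # common typing-test convention (assumption)

def interval_ms_for_wpm(wpm: float) -> float:
    """Average gap between keystrokes, in ms, at a words-per-minute rate."""
    return 60_000 / (wpm * CHARS_PER_WORD)

def first_injected_burst(times_ms: Sequence[float],
                         max_gap_ms: float = 30.0,
                         run_length: int = 8) -> Optional[int]:
    """Return the index of the keystroke that completes the first run of
    `run_length` consecutive gaps shorter than `max_gap_ms`, or None.

    A run is required because human typists do produce isolated fast gaps
    (rolled key pairs); a single fast gap must not lock the session.
    """
    fast = 0
    for i in range(1, len(times_ms)):
        gap = times_ms[i] - times_ms[i - 1]
        if gap < 0:
            raise ValueError("timestamps must be non-decreasing")
        fast = fast + 1 if gap < max_gap_ms else 0
        if fast >= run_length:
            return i
    return None

def synth(start_ms: float, gaps_ms: Sequence[float]) -> List[float]:
    """Build constructed keystroke timestamps from a list of gaps."""
    out = [start_ms]
    for g in gaps_ms:
        out.append(out[-1] + g)
    return out

# Constructed sample traces, not captured from a real keyboard or device.
HUMAN = synth(0, [310, 280, 25, 330, 290, 20, 18, 305, 300, 295])
INJECTED = synth(0, [300, 310] + [12] * 20)

if __name__ == "__main__":
    print(interval_ms_for_wpm(40), interval_ms_for_wpm(1000))
    print(first_injected_burst(HUMAN), first_injected_burst(INJECTED))
```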
Can you change The Highlighted Key from "No" to "Yes" and achieve a similar result?
You forgot one option: could just trust one keyboard driver and specify the port that it's connected
Can a rubber ducky be used to install a reverse shell on a pc/lap? And can this last modification to value data 1 prevent future access, months after the reverse shell had been installed? Would appreciate any advice
I am sure there is a way to disable all devices from connecting via USB except for a specific type of keyboard and mouse (I don't know how but I know this is possible because a few years ago when I was in high school (I left high school in 2013) we couldn't even plug any foreign devices in to school PC's without them being the exact same type of keyboard and mouse the school was using and only one of each and sometimes you couldn't even use the damn things if they had become unplugged during usage like PS/2 keyboards and mice do)
Haha thx for the Ctrl+Shift thing to open as admin :)
Can't you also change the admin privileges through UAC?