Hello David. Just recently I discovered your channel and I really enjoyed how you explain networks, you make it sound like it is very easy :). I am finishing my networking certification which I can state that I have so many to learn. At the same time trying to make netacad certifications and watching people like you to expand my horizons and knowledge. You gained a new sub. Thank you
this guy is so underrated , keep it up mr.david its been 24 hours since i started to learn on your chanel and i already learned alot of stuff thank you for all this work you are doing god bless
David: “You should never just plug a random USB into your computer.” Every Dark Web Mystery Box UA-camr: “Let’s see what this dark web hard drive will do to my PC”
Loved the Mr. Robot reference, truly and the only realistic series in terms of hacking. Needless to say, very precise and amazing video as always. Great work!
@@davidbombal Hey uhh so on some comments there is a person called onion tv official saying "...you can learn more from my channel.. thanks" and their channel is very fishy, im not sure if it's a bot but just letting you know.
Trust has been a major issues in my relationship till i was referred to the best hacker on Instagram called @Vikehacks. He gave me total access into my wife's Snapchat efficiently and swiftly. Contact @Vikehacks on Instagram to get all hacking services done and remember to tell him who referred you. 💯
Usually, when I find a USB drive on the floor I go to the Net Café and plug it into a random computer there just to find out if I can figure out its owner in order to contact them. But, it's interesting to know about this hack so thanks for sharing!
While I find this idea intriguing, I did install a script that changed all the keys on my friends computer. Every time he pressed F, it said something nasty, and every time he tried to press delete, it wrote, "Haha, did you try to delete now?"
@@kebman I wrote a script that does something similar too, i called it "keyboard jammer"; it kept track of what keys were being pressed while inserting random characters instead. It wouldn't stop unless you gave it the actual correct key-combination
-I just finished my 128 pages essay. Can you check it to see if it's ok? -Sure, just let me re-write it on my laptop. -But I can pass it to you on my thum-- -LET. ME. RE. WRITE IT.
well thats why jsu tnot plug something in isnt a good security concept. with today electronics it could be in any cable, hell already within the electronics in the laptop itself. thats why we backup, encrypt, and overwatch processes, multifactor auth and so on. in this case this is midly a hack itself. you aint get admin privileges so damage is contained as long he cant run a privilege escalation hack. i doutb he can even autorun that thing as powershell is notorious limited by default. that why he wrote a file like that, he aint have fileaccess with that and he cant use it to install a backdoor to gain such thing that easy. if ur system is uptodate the attacker would need a zero day exploit. if that thing is already on the thumbdrive it could be worth millions.
got a script for that it basicly makes the computer unusable it keep turning the sounds to 100% on the speakers every second and play never gonna give you up
Excellent video. I'm taking beginning classes for cyber security and had to learn about rubber ducky and this is the best video I found so far. Thank you!
Trust has been a major issues in my relationship till i was referred to the best hacker on Instagram called @Vikehacks. He gave me total access into my wife's Snapchat efficiently and swiftly. Contact @Vikehacks on Instagram to get all hacking services done and remember to tell him who referred you. 💯
first thing to do, 1, disconnect internet cable, 2, disconnect hard drive, 3 boot a live disc of any linux distro, then insert thumb drive to find out whats on it. then go into usb format and wipe the thumb drive. ..
Hi David, Can you personally develop exploits, Trojan’s, Bots, Worms. As well as perform Buffer-overflows, and Ram-scraping, etc. Or can you only use prebuilt tools????
An attorney took his micro sim card out of his phone, handed it to a copy service to grab files for a print job. The attorney put the sim back in his phone, when he got to work, he plugged his phone into the work computer for whatever, and that was that! A virus when through the whole company and wiped out data on all non hidden shares. So, it is not just a random USB that you find, it is also where you are plugging in your devices into, and service IT people, what is on their sticks.
Plugging a usb stick that you found on the carpark into your computer is like drinking from an opened and half consumed bottle of Coke you found on the carpark
why didn't i see this channel earlier until today, @david , interesting content you have have here and spreads a wide knowledge, time to check every video you've uploaded thanks
just amazing what you can do remotely, also it is kind of dangerous if some one track your bank account info. I will never plug unknown USB. thanks it is very useful video
@@ner0p dude do you really think this is true? Put video on 7:01 and slow it down and you will notes screen cut when he "triggers on chrome on laptop" this guy is just trolling with you all :D :D :D
Okay, now i hope you make a video explaining how to kill or avoid the powerllshell process that is running on the infected laptop after pluging in the usb.
I would be thanking million times ,if I could get to see his full tutorials.. He genuinely seems too smart and knowledgeable,it's my first video hence,new subscriber and I'm surely going to try to watch all of his other videos 👍👍
David, thanks for another great video. It’s an important knowledge, indeed. Nevertheless, you didn’t tell how to prevent such USB stick attacks, how to secure USB interface so even if somebody else will plug a USB stick we still can remain safe. In the end, the video is only halfway useful to me. Cheers!
Windows OS, open AutoPlay from search menu. Either disable the defaults or change them to Ask me every time. For my clients, we use security software to push these settings out and also for some devices like computers that are near people not from the business like a patient encounter room, we fully disable the USB ports. No end user can override this either. There is also methods with software that require an encryption key to exist on the USB storage device, before the computer will allow access. Meaning, only Trusted USB storage devices are allowed. I once had a doctor's office fill his USB ports with superglue to block patients from trying to insert USB sticks. I was very polite and showed how his keyboards had a USB port on their back and I would just unplug his mouse or keyboard and use those ports...
I think here though, the device is emulating a keyboard, rather than autoplaying from usb storage. So as far as the computer is concerned it's just an innocent keyboard
Great Video. Thank You for the wonderful content. Please consider making videos to counter attacks like these i.e. what can one do when they realise they are attacked.
Awesome as always David! Got Rubber Ducky, however I wouldn't 'toss it' on the street for someone to pick it up. Not at $45 a piece..:) If I may suggest, it would be batter to show your audience how to use an ordinary (inexpensive) 'stick' and set it up as 'Rubber Ducky'. Keep up the good work!
Thats y i made my own piece worth 5$ but still cant drop it on the street as I am not able to host Kali Linux Server as would be a huge cyber crime and my Public IP Address will get traced in no time by the ISP :(
Plus, you would have to provide written instruction on how to disable Windows Defender before plugging the Rubber Ducky in, something David clearly forgot to mention.
Well.....that's where social engineering enter the equation. Given the right incentive, you WILL plug something in. Doesn't have to look like a pen drive. Could be a USB powered desk fridge, a USB charging cable, a usb vibrator, you name it.... Actually, a novelty "usb dildo" may be worth making. You sneek into premises, leave the dildo in the canteen. I can guarantee someone just will have to see what happens......
I really love the thought of all the power and opportunities you can have from knowing how this stuff works.. Made it through the basics and making my own website for practice, I'm not even close to scratching the surface lol overwhelming but that's exactly what the thousands of other people are thinking and quit. Wont be me, downloaded Wireshark and today my pc refused to connect to my router. Ran a troubleshoot and it fixed it, still scared me enough to uninstall but thats what pucci's do?
I love how you stay on topic and any tangents are short, clear, concisely explained as to how they are a part of the subject under discussion. Many channels are unnecessarily long winded with very little, if any, useful information. I like just the facts. If I don't understand, I ask questions or research things myself. Very impressive format and layout. Love your workshop.
Scary for those of us who have fallen victim to these things. Who knew???? Props to those who know how to do this but now I need my identity back. No I didn't plug a random USB drive in my phone. Just an idiot on these things. What do I do now???? I'm amazed at how many people are involved in this. Another great video David
I would love just a tiny drop of Dave's knowledge, he's got so many weapons in is arsenal to use were and when he wants. Thank you for your videos. I recently purchased a usb win 10 boot pen drive, so I could put windows 10 on my Lenovo yoga, but keep my files ect. It now will not boot from bios to windows loading screen. I've tried Legacy mode and still now joy. Any help would be greatly appreciated. Thank you.
Awesome content, but I think it would’ve been great if you showed us how this is done from 2 separate networks instead of doing it internally which makes it easier to get into the “remote” machine.
Not only is it important not to use a USB device from an unknown source the same discipline should be applied to USB cords and power supplies that connect to a USB-C or other interface like a phone. It is crazy that nefarious actors actually will PWN your machine in this manner, but it happens everyday. Constantly practice EXCELLENT Cyber-Security OP=SEC. Be aware that these people do not care about you or your cause, they only care about there capabilities to make money off of your gullibility and vulnerabilities. Case in point, I asked a major hotel hosting a conference in Anaheim California I was attending if they had any USB power bricks or cords that I could use. The Front Desk is only happy to oblige and came out from the back room with a clear plastic bin containing dozens of cords and power-bricks that had been left and never retrieved by the owners. Two of those cords that I tested and one power-brick ran scripts when plugged into a Windows 10 laptop. When I dual booted into Linux one of those cords and the power-brick both ran scripts in Linux. It is crazy that people will blindly trust a connection device that is not theirs while on the road simply out of need and urgency. Always be vigilant, always verify then trust when it comes to these devices. Always use a trusted VPN when on the road. Do not plug into LAN ports in the room as these are notoriously points that can be hacked and the evidence hidden behind the wall-plate.
Or, much more convenient, whenever on the road, use whatever connection you can find. Just consider it as being likely comprised. Anyway, it doesn't help you much using the hotel WiFi rather than LAN....Because I'm in the room next door to yours.
The simple fact is, most people don't even know that these types of devices exist. It's not really "crazy that people will blindly trust a connection device that is not theirs while on the road simply out of need and urgency." I mean, you said it yourself...need and urgency. If you're in a hurry it is pretty easy to get a little careless. Especially if you're unaware of the dangers that you face. The ignorance of the average person is the main reason scams and script kiddies are successful.
I actually use a couple of those Ducky drives to help me enroll Chromebooks. Quite useful when you have to enroll a couple pallets of 300 devices all by your lonesome onesies.
It's like: "Hey, wow. There's a bag of pills here. Let's take one." But I'm asking my boss to try this in the place I work in. See if our users, and probably visitors, do.
Hi David - great video as always. One thing i would love to know is the defense against these sorts of attack! If the victim was suspicious after finding a thumbdrive- would they be able to view remote connections currently running on their machine for example? To see if any remote connection sessions were happening on your computer?
You surely heard about Task Scheduler. Attacker can create a new task which is enable with start of Windows. So yes, its possible to have an access even after restart.
@@georgedelgado8403 well, you can list all of the scheduled tasks with command "schtasks query", check for unusual folders and task names. Once you detect that task you can delete. In addition to that if you want to know the attacker's ip address, you can use wireshark to observe your outgoing network requests
I bought 2T,4T,8T USB pen drives online for a fraction of dollars. But I never got to fully format them and couldn't save many files continuously. The capacity of each drive shows exact bites. It's strange.
I normally use the USB port scanners to view the contents of the USB drive in protected mode before accessing the drive as usual. Usually when there are instructions running from a USB drive, they are blocked by the USB port scanners and I've witnessed that happen a lot in infected USB drives. Can these technique get past the USB port scanners?
David sir........i am from india....love from india....truely i am saying that sir u and network chuck(i don't know the name) and the biggest reasons for which i am fascinated for IT.....i want to become a cybersecurity guy...can u help me sir.........i have not seen teachers like u and network chuck.......hope i be a student of yours forever.....😍😍😍
How have you recreate a connection after the windows was restarted??? It is executing all those commands because of that PowerShell in the background. It's disconnected as soon as the power shell ends.
Gets control of a laptop and shows us how he can open a web browser -_-, If you want people to be afraid show them how you make a hidden keylogger or access the bank account details saved on the laptop now how you open a txt file
As I understand it... the worst security breach in the USA by a foreign government was done this exact way, a thumb drive found in the parking lot, walked its way into a secure facility and was plugged into a computer hooked into the Naval Intelligence Network. The country involved was never disclosed, it's probably classified.
That is why I have a computer setup that hasn't got any network connectivity. I have had clients bring me an USB Flash Drives to see what is on the drive because they know that I a safe setup. There is also autoplay settings in Windows 10 that will turn off anything from auto launching. Turn off all of the auto play settings and you can plug in any external device and nothing will run when a device is plugged into the USB port or card reader. One of the first steps I take when I set up a new computer. George
I can tell that accent from a mile away, howzit from Aoteroa New Zealand. We are allowed to use USB's at my polytechnics' library. I thought that they were risking it but its a pretty honest country.
@@justinspiredfallout it actually is, but you have to make the usb drive specifically to trick windows into executing and also you would need to have autoplay enabled.
@@justinspiredfallout actually he is showing the stuff a "developer's pc' or at least a computer enthusiasts pc would do, if you don't know about this stuff put windows in the annoying mode my grandparents pc is: no installing or running anything not from windows store and admin privileges are non accessible.
@@henrywadsworth7690 after watching the follow up video to this one, I realized that this isn't a flash drive. Windows sees it as a keyboard so it has no issue installing it and enabling it.
@@justinspiredfallout hmm then you would have to disable automatic driver updates in that case. personally no physical peripherals actually connect automatically on mine so yea.
It's awesome that someone actually created something like this but scary at the same time lol. Also operating systems these days prevent stuff like this happening now on most of them thumb drives they have a a autorun but most computers disable it.
haha jokes on you, my laptop is so slow that it takes like 5mins to do the most basic and simplest tasks
I'm on an i3 iMac. Half the time my USB ports don't even work for benign devices!
Lol jokes on you my Mac doesn’t have usb interface
@@mrri8403 Jokes on you for using a Mac!🤣
@@colindaniels6218 You might be 'truly safe' from the internet but therefor possibly lack the opportunity from it's full potential.
JOKES ON YALL I DONT EVEN HAVE A HOUSE
Done it so many time when I took the CEH course, but never I imagined that you can program a USB to do this kind of backdoor connectivity. Awesome!!!
David will throw millions of pendrive on street and follow his youtube channel from there🤣🤣🤣
but this is great idea🤣🤣
hahah u r really right.
Hello David. Just recently I discovered your channel and I really enjoyed how you explain networks, you make it sound like it is very easy :). I am finishing my networking certification which I can state that I have so many to learn. At the same time trying to make netacad certifications and watching people like you to expand my horizons and knowledge.
You gained a new sub. Thank you
can you tell which networking certification you are doing from where
this guy is so underrated , keep it up mr.david its been 24 hours since i started to learn on your chanel and i already learned alot of stuff thank you for all this work you are doing god bless
David: “You should never just plug a random USB into your computer.”
Every Dark Web Mystery Box UA-camr: “Let’s see what this dark web hard drive will do to my PC”
Thanks for the heart David, I love ur vids
Do you know a channel where I could watch that?
@@Lindrios most are fake
@@ilulu3812 they’re actually all fake, mystery boxes aren’t sold there
@@Krimson44 u could probably find someone actually selling a mystery box but it's highly unlikely
Loved the Mr. Robot reference, truly and the only realistic series in terms of hacking. Needless to say, very precise and amazing video as always. Great work!
Thank you Abdul!
@@davidbombal Hey uhh so on some comments there is a person called onion tv official saying "...you can learn more from my channel..
thanks" and their channel is very fishy, im not sure if it's a bot but just letting you know.
Trust has been a major issues in my relationship till i was referred to the best hacker on Instagram called @Vikehacks. He gave me total access into my wife's Snapchat efficiently and swiftly. Contact @Vikehacks on Instagram to get all hacking services done and remember to tell him who referred you. 💯
I never thought I would be able to recover my account until I met Hacker_Fmt on Instagram,I tried him and recommend 💯 💯💯!
@Jamie Indeed, I'll try adding them on LinkedIn haha
Usually, when I find a USB drive on the floor I go to the Net Café and plug it into a random computer there just to find out if I can figure out its owner in order to contact them. But, it's interesting to know about this hack so thanks for sharing!
That's the beauty of it !
The original attack didn't work out, so it's nice you are helping to at least get some other data ☺️
Bro imagine hacking a computer and forcing the computer to run a rickroll for every 10 minutes
While I find this idea intriguing, I did install a script that changed all the keys on my friends computer. Every time he pressed F, it said something nasty, and every time he tried to press delete, it wrote, "Haha, did you try to delete now?"
@@kebman INGENIOUS!
@@kebman I wrote a script that does something similar too, i called it "keyboard jammer"; it kept track of what keys were being pressed while inserting random characters instead. It wouldn't stop unless you gave it the actual correct key-combination
Isn't that how the Iranian nuclear programme was hacked in 2010 by a thumb drive with Stuxnet on being left somewhere, found and plugged in?
When displaying the blue screen of death, put a qr code which, when scanned: downloads a payload on a mobile device?
YES
that is nasty hahahaha but i like it
Jeez that's genius
just what i was thinking
so you're hacking hacking now 😂
-I just finished my 128 pages essay. Can you check it to see if it's ok?
-Sure, just let me re-write it on my laptop.
-But I can pass it to you on my thum--
-LET. ME. RE. WRITE IT.
😂😂🤣
copy and paste the text into an email for me, please. Then, I'll copy and paste into word document for reading. Thx
😂
well thats why jsu tnot plug something in isnt a good security concept.
with today electronics it could be in any cable, hell already within the electronics in the laptop itself.
thats why we backup, encrypt, and overwatch processes, multifactor auth and so on.
in this case this is midly a hack itself. you aint get admin privileges so damage is contained as long he cant run a privilege escalation hack.
i doutb he can even autorun that thing as powershell is notorious limited by default. that why he wrote a file like that, he aint have fileaccess with that and he cant use it to install a backdoor to gain such thing that easy.
if ur system is uptodate the attacker would need a zero day exploit. if that thing is already on the thumbdrive it could be worth millions.
@@woswasdenni1914 There are plenty of known vulnerabilities that aren’t patched.
This would be a great way to rickroll someone
That is what i was thinking
got a script for that it basicly makes the computer unusable it keep turning the sounds to 100% on the speakers every second and play never gonna give you up
@@__jonko_with_johnko__ send script
Duuude.
@@denisbronskii5629 it is ez to make a one using python
my rubber ducky is on the way! great info i really like your videos & networkchuck!
Excellent video. I'm taking beginning classes for cyber security and had to learn about rubber ducky and this is the best video I found so far. Thank you!
Hey dude, is Rubber ducky among the course unit in Cyber security class??
Super Clear Voice , Super Easy Explains , Simply "SUPERMAN"
Thank you Sushant! much appreciated :)
Trust has been a major issues in my relationship till i was referred to the best hacker on Instagram called @Vikehacks. He gave me total access into my wife's Snapchat efficiently and swiftly. Contact @Vikehacks on Instagram to get all hacking services done and remember to tell him who referred you. 💯
first thing to do, 1, disconnect internet cable, 2, disconnect hard drive, 3 boot a live disc of any linux distro, then insert thumb drive to find out whats on it. then go into usb format and wipe the thumb drive. ..
it can be just a usb killer, so it will melt your pc without any software
@@maxxxxiors that's why you test it with a library pc :)
Or you can just..... not plug it in?
@@bigchungus27 nah that seems logical, stay away from it
This is great! Thank you! Thank you for not going so fast! Really appreciate this!
You're welcome Max!
Hi David, Can you personally develop exploits, Trojan’s, Bots, Worms. As well as perform Buffer-overflows, and Ram-scraping, etc. Or can you only use prebuilt tools????
That’s mean if my task manager running poweshell I’m being hacked.
Thank you. Great content.
Great info! Thank you for sharing. I'm writing a short article on account security and gave me some more food for thought for the article.
" Let's have some fun " --- I'm scared
😂
Now my SCHOOL is going to pay for not selecting me for the hacking competition
Oh my
I like how he has to tell us that he is controlling this laptop every 2.687 seconds.
An attorney took his micro sim card out of his phone, handed it to a copy service to grab files for a print job. The attorney put the sim back in his phone, when he got to work, he plugged his phone into the work computer for whatever, and that was that! A virus when through the whole company and wiped out data on all non hidden shares. So, it is not just a random USB that you find, it is also where you are plugging in your devices into, and service IT people, what is on their sticks.
I'm glad my Sinclair Spectrum does not have a USB port , so I do not get tempted.😊
Great video David.
Plugging a usb stick that you found on the carpark into your computer is like drinking from an opened and half consumed bottle of Coke you found on the carpark
i agree lol
Nah it's like finding a bag of coke on the street only to snort it and find out its fentanyl.
Are we just going to ignore the fact that he says 'the movie mr. robot'
yup he must have missed the series
It's just South African vernacular.
I'd trust a usb drive more than him after that
Scrolled to check for this comment before I typed the same thing. That glaring error completely made me lose interest
He speaks a lot of Mistakes
Love the intro with the zebra and the video!
Keep it up!
Thank you Aldo!
why didn't i see this channel earlier until today, @david , interesting content you have have here and spreads a wide knowledge, time to check every video you've uploaded thanks
just amazing what you can do remotely, also it is kind of dangerous if some one track your bank account info. I will never plug unknown USB. thanks it is very useful video
Amazing 👽, next video use it on mac and linux, i really want to see them how it works 🙏
Glad you liked the video :) Thanks for the suggestion.
He won't, it won't
@@ner0p dude do you really think this is true? Put video on 7:01 and slow it down and you will notes screen cut when he "triggers on chrome on laptop" this guy is just trolling with you all :D :D :D
@@davidbombal nice scene cut on 7:01 which have made be believe you 110%, our hand tells it all ;)
@@metalsnake00 Well spotted.
Note: I counted how many seconds it takes to hack when the USB drive is plugged in. 5 seconds.
but did you notice that he is controlling that laptop?
Why are so many robloxians watching this video?
Okay, now i hope you make a video explaining how to kill or avoid the powerllshell process that is running on the infected laptop after pluging in the usb.
i just need to type on my kali and plug the usb on the pc target and that's it???
There are several ways you easily can safeguard yourself. But the average user is clueless.
Disable autostart from USB. Simple
@@Trantarok ohh ok thanks
@@Trantarok How can I disable it? Help a brother out?
now I'm curious how to prevent that, Its a good thing a found this channel looking forward to your new videos
I would be thanking million times ,if I could get to see his full tutorials..
He genuinely seems too smart and knowledgeable,it's my first video hence,new subscriber and I'm surely going to try to watch all of his other videos 👍👍
David, thanks for another great video. It’s an important knowledge, indeed. Nevertheless, you didn’t tell how to prevent such USB stick attacks, how to secure USB interface so even if somebody else will plug a USB stick we still can remain safe.
In the end, the video is only halfway useful to me.
Cheers!
Windows OS, open AutoPlay from search menu. Either disable the defaults or change them to Ask me every time. For my clients, we use security software to push these settings out and also for some devices like computers that are near people not from the business like a patient encounter room, we fully disable the USB ports. No end user can override this either. There is also methods with software that require an encryption key to exist on the USB storage device, before the computer will allow access. Meaning, only Trusted USB storage devices are allowed. I once had a doctor's office fill his USB ports with superglue to block patients from trying to insert USB sticks. I was very polite and showed how his keyboards had a USB port on their back and I would just unplug his mouse or keyboard and use those ports...
I think here though, the device is emulating a keyboard, rather than autoplaying from usb storage. So as far as the computer is concerned it's just an innocent keyboard
Great Video. Thank You for the wonderful content. Please consider making videos to counter attacks like these i.e. what can one do when they realise they are attacked.
Great suggestion Vyas!
Send a dm to Holtlan_94 on lG sir. He’s such a great help
Awesome as always David!
Got Rubber Ducky, however I wouldn't 'toss it' on the street for someone to pick it up. Not at $45 a piece..:)
If I may suggest, it would be batter to show your audience how to use an ordinary (inexpensive) 'stick' and set it up as 'Rubber Ducky'.
Keep up the good work!
Thats y i made my own piece worth 5$ but still cant drop it on the street as I am not able to host Kali Linux Server as would be a huge cyber crime and my Public IP Address will get traced in no time by the ISP :(
@@rasheedmalik6594 no comment..:)
Plus, you would have to provide written instruction on how to disable Windows Defender before plugging the Rubber Ducky in, something David clearly forgot to mention.
@@ner0p Windows Defender does not flag the Rubber Ducky. It abuses the HID trust relationship with most OS
I always thought the point of "internet cafes/kiosks" were to plug in devices you didn't fully trust, to see what happens.
Great demo and PSA.
Mr. Robot is a TV series, not movie.
3 minutes into the demonstration:
"Notice, I am controlling this laptop"
Ohhh, I hadn't noticed... lmao
Good demos tho
Perfect recommdation does exist... I will never pick up unknown pen drive or plug it.
Good advice :)
Well.....that's where social engineering enter the equation. Given the right incentive, you WILL plug something in. Doesn't have to look like a pen drive. Could be a USB powered desk fridge, a USB charging cable, a usb vibrator, you name it....
Actually, a novelty "usb dildo" may be worth making. You sneek into premises, leave the dildo in the canteen. I can guarantee someone just will have to see what happens......
I really love the thought of all the power and opportunities you can have from knowing how this stuff works.. Made it through the basics and making my own website for practice, I'm not even close to scratching the surface lol overwhelming but that's exactly what the thousands of other people are thinking and quit. Wont be me, downloaded Wireshark and today my pc refused to connect to my router. Ran a troubleshoot and it fixed it, still scared me enough to uninstall but thats what pucci's do?
I love how you stay on topic and any tangents are short, clear, concisely explained as to how they are a part of the subject under discussion.
Many channels are unnecessarily long winded with very little, if any, useful information.
I like just the facts. If I don't understand, I ask questions or research things myself.
Very impressive format and layout.
Love your workshop.
Scary for those of us who have fallen victim to these things. Who knew???? Props to those who know how to do this but now I need my identity back. No I didn't plug a random USB drive in my phone. Just an idiot on these things. What do I do now???? I'm amazed at how many people are involved in this. Another great video David
I would love just a tiny drop of Dave's knowledge, he's got so many weapons in is arsenal to use were and when he wants. Thank you for your videos. I recently purchased a usb win 10 boot pen drive, so I could put windows 10 on my Lenovo yoga, but keep my files ect. It now will not boot from bios to windows loading screen. I've tried Legacy mode and still now joy. Any help would be greatly appreciated. Thank you.
Never quit and learn something new every day
Awesome content, but I think it would’ve been great if you showed us how this is done from 2 separate networks instead of doing it internally which makes it easier to get into the “remote” machine.
Not only is it important not to use a USB device from an unknown source the same discipline should be applied to USB cords and power supplies that connect to a USB-C or other interface like a phone. It is crazy that nefarious actors actually will PWN your machine in this manner, but it happens everyday. Constantly practice EXCELLENT Cyber-Security OP=SEC. Be aware that these people do not care about you or your cause, they only care about there capabilities to make money off of your gullibility and vulnerabilities.
Case in point, I asked a major hotel hosting a conference in Anaheim California I was attending if they had any USB power bricks or cords that I could use. The Front Desk is only happy to oblige and came out from the back room with a clear plastic bin containing dozens of cords and power-bricks that had been left and never retrieved by the owners. Two of those cords that I tested and one power-brick ran scripts when plugged into a Windows 10 laptop. When I dual booted into Linux one of those cords and the power-brick both ran scripts in Linux.
It is crazy that people will blindly trust a connection device that is not theirs while on the road simply out of need and urgency. Always be vigilant, always verify then trust when it comes to these devices. Always use a trusted VPN when on the road. Do not plug into LAN ports in the room as these are notoriously points that can be hacked and the evidence hidden behind the wall-plate.
Thanks for sharing! That is a great example :)
Or, much more convenient, whenever on the road, use whatever connection you can find. Just consider it as being likely comprised. Anyway, it doesn't help you much using the hotel WiFi rather than LAN....Because I'm in the room next door to yours.
The simple fact is, most people don't even know that these types of devices exist. It's not really "crazy that people will blindly trust a connection device that is not theirs while on the road simply out of need and urgency." I mean, you said it yourself...need and urgency. If you're in a hurry it is pretty easy to get a little careless. Especially if you're unaware of the dangers that you face. The ignorance of the average person is the main reason scams and script kiddies are successful.
I actually use a couple of those Ducky drives to help me enroll Chromebooks. Quite useful when you have to enroll a couple pallets of 300 devices all by your lonesome onesies.
Thanks David for sharing your ideas I am not a skilled user of gadgets am still learning how to navigate. It's a big lesson on my part.
PLOT TWIST : I will connect that pendrive to my car's dvd
"don't just plug any device" - Don't use any computer at all
thanks for the info...now, is there a video on what steps to take before you insert a usb drive?
thank you greatly for warning people about this, and thank you greatly for slightly teaching me how to do this.
It's like: "Hey, wow. There's a bag of pills here. Let's take one."
But I'm asking my boss to try this in the place I work in.
See if our users, and probably visitors, do.
Hi David - great video as always. One thing i would love to know is the defense against these sorts of attack!
If the victim was suspicious after finding a thumbdrive- would they be able to view remote connections currently running on their machine for example? To see if any remote connection sessions were happening on your computer?
I think just ending power shell helps
I love the series Mr Robot it's insane 😁...
Will the attacker continue to have access even when the user restarts the laptop? Can the powershell be run automatically after startup?
You can make it do whatever a user with a keyboard can do.
You surely heard about Task Scheduler. Attacker can create a new task which is enable with start of Windows.
So yes, its possible to have an access even after restart.
and how the person get out of this?
@@georgedelgado8403 well, you can list all of the scheduled tasks with command "schtasks query", check for unusual folders and task names. Once you detect that task you can delete. In addition to that if you want to know the attacker's ip address, you can use wireshark to observe your outgoing network requests
@@Omer-tq3op Pretty sure if someone is picking up random USB drives, they don't know wireshark
My uncle who is a software engineer: Those hacks in the movies are fake
Me:*Press X to doubt*
: NEVER JUST PLUG A USB into your computer!
: Watch me OWN this system in SECONDS!
: Want to buy a USB from ME? 😉
🤔😂🤣😅
Hahah it sounds like scam 😅
LOL I think I am studying too hard, I though David just called me out to an Internet brawl lol
lol... I'm too old for a fight :)
@@davidbombal Me too David
Very informative and scary!
I'M SO GLAD YOU GUYS ARE REAL HACKERS. YOU SEEM IN SUCH A BETTER SKILL *BRAVE CYBER* IT'S GREAT TO SEE IT
I bought 2T,4T,8T USB pen drives online for a fraction of dollars. But I never got to fully format them and couldn't save many files continuously. The capacity of each drive shows exact bites. It's strange.
Last time I plugged in a random thumb drive, my centrifuges started vibrating and spinning faster... weird coincide
Let me guess you work in some nuclear facility
@@arthurmaciel9893 I did but the facility fell apart
Cool, I will never trust a USB drive again!
Not until one labelled "Wages 2021" is dropped in the car park at your workplace 😅
Am I the only one who would like a in depth review of this “hacking technique” ???
No am here too
Me as well
Just buy the rubber ducky from Hak5 and load a script... that is just what he did
Hack the box's beginner boxes teach reverse shell
I meant starting points. The first 2 starting points end in two styles of reverse shell scripts, one vs Linux, one vs windows
I normally use the USB port scanners to view the contents of the USB drive in protected mode before accessing the drive as usual. Usually when there are instructions running from a USB drive, they are blocked by the USB port scanners and I've witnessed that happen a lot in infected USB drives. Can these technique get past the USB port scanners?
How to know if someone has installed this kind of stuff in our computer and how to remove it
I'd put it into an old laptop, yes. Especially if that old laptop is disposable to me.
David sir........i am from india....love from india....truely i am saying that sir u and network chuck(i don't know the name) and the biggest reasons for which i am fascinated for IT.....i want to become a cybersecurity guy...can u help me sir.........i have not seen teachers like u and network chuck.......hope i be a student of yours forever.....😍😍😍
Don't you want a son from him?
Thank you! Never give up on your dreams!
@@serviodiaz4425 Why you have one son from him? WOW! THAT'S NICE. WHAT IS THE NAME OF YOUR SON?
CONGRATS!! HAPPY FOR YOU
FROM INDIA
David has some amazing courses on Udemy. U might have to check them out.
I have been following him for sometimes now.
@@davidbombal thank u sir.....for such beautiful words.......🙏🙏
can u do a step by step including everything plz i'm new
Hi David, that was 😲😲😲😲, thanks for the Tip!!
The reverse is also dangerous. Never plug your wifi to a random computer. A script can captures all files of a usb drive plugged into a lab computer.
use to hack my math and physics teacher and get final exam sheets works well till now they still didnt know i have access for 3 years XDDD
How have you recreate a connection after the windows was restarted??? It is executing all those commands because of that PowerShell in the background. It's disconnected as soon as the power shell ends.
@@mani5655 there are ways
@@mani5655 you could just copy the powershell file to the start up folder which would cause it to recreate it every restart
Gets control of a laptop and shows us how he can open a web browser -_-, If you want people to be afraid show them how you make a hidden keylogger or access the bank account details saved on the laptop now how you open a txt file
but how to make one ?
As I understand it... the worst security breach in the USA by a foreign government was done this exact way, a thumb drive found in the parking lot, walked its way into a secure facility and was plugged into a computer hooked into the Naval Intelligence Network.
The country involved was never disclosed, it's probably classified.
That is why I have a computer setup that hasn't got any network connectivity. I have had clients bring me an USB Flash Drives to see what is on the drive because they know that I a safe setup.
There is also autoplay settings in Windows 10 that will turn off anything from auto launching. Turn off all of the auto play settings and you can plug in any external device and nothing will run when a device is plugged into the USB port or card reader. One of the first steps I take when I set up a new computer.
George
It took me 4 minute to realise that he is using his left hand for mouse and right hand for keyboard
probably had to use left hand because he placed that laptop on his right side
Both handed?
😁Just discovered that the kid is wearing a South African t-shirt, my home country 😊
I guess you could still just test the USB on Kali Linux live.
Using a VM would be a smarter idea ;-)
what if i unplug the usb and it didn't reach 3 seconds yet
I can tell that accent from a mile away, howzit from Aoteroa New Zealand. We are allowed to use USB's at my polytechnics' library. I thought that they were risking it but its a pretty honest country.
00:35 *television show
An Amazon Prime series?
@@davidbombal It's a USA Network series but it is available to stream on Amazon Prime.
uuuh, just disable automatic execution?
This is what's confusing me. How does it autorun? Surely this isn't default Windows behaviour...
@@justinspiredfallout it actually is, but you have to make the usb drive specifically to trick windows into executing and also you would need to have autoplay enabled.
@@justinspiredfallout actually he is showing the stuff a "developer's pc' or at least a computer enthusiasts pc would do, if you don't know about this stuff put windows in the annoying mode my grandparents pc is: no installing or running anything not from windows store and admin privileges are non accessible.
@@henrywadsworth7690 after watching the follow up video to this one, I realized that this isn't a flash drive. Windows sees it as a keyboard so it has no issue installing it and enabling it.
@@justinspiredfallout hmm then you would have to disable automatic driver updates in that case. personally no physical peripherals actually connect automatically on mine so yea.
i barely noticed that you are controlling that laptop, please remind us more
lol
8 minute video with two sentences on autorepeat. Just lovely
The BadUSB is one of the easiest ways to penetrate a corporate network - still is in 2022.
i CANNOT be the only person that hears "computa"
I hear that
can you make a tutorial on how to do this attack.
Mark Zuckerberg wants to know your location :)
lol.. and yours :)
@@davidbombal does this work even if user account control is set at max plus password security?
ok we get it, you have remote control to that laptop
Really enjoyed it, very insightful
He: *kills Chrome*
*after 2 minutes*
He: 'lets kill Chrome again'
🤣
Does anyone know how he controlled the laptop, he may have mentioned reverse shell attack not sure though
"Notice Chrome..... Is DEAD."
IE sus. FF vented.
This is a very important and revealing video. Thanks for sharing
Superb, Easy to understand and I'm learning it for educational purpose.
It's awesome that someone actually created something like this but scary at the same time lol. Also operating systems these days prevent stuff like this happening now on most of them thumb drives they have a a autorun but most computers disable it.