[TriEmbed] Kali Yin/Yang with Arduino

John Vaughters jvaughters04 at yahoo.com
Fri Jun 5 08:03:26 CDT 2015 

>One thing that came to my mind was to include a USB stick as well with a bootable distribution of a linux OS 
Scott,
I think you missed this line. As Rodney pointed out there are much better ways, but my point was that this was added to Kali Linux as a penetration test and that is pretty impressive for a simple little Arduino. Also, I think Rodney is underestimating the power of the keyboard attack. You can get to any terminal you desire with only a keyboard, then do whatever commands you like. For instance reboot. Then you get to attempt to reboot your USB stick. The main issue for the attacker about this attack, is they are just throwing out commands and hope they stick. If they succeed and boot into their linux, they have a platform for doing all kinds of nasty things, including contacting the outside world with root access to a computer on the victim's network. This scenario is bad, but it is not stealthy. I suppose you could reboot in the late hours and then reboot back to default. In any case it is not as good as other hacks. Mostly attackers want to get in without being noticed, like Rodney's example.
I will also point to this line of the orignial email. 
> I have not looked into all the possibilities of  Arduino use
Here are some links for further study. In general it falls under HID and physical securtiy vulnerabilities. The point of all these excercises is to understand the types of vulnerabilities, because most of us are too busy solving problems and thinking of productive solutions. If we were inclined to turn our attention to black hat activities, I am certian we would come up with much more sophisticated solutions, however, we would also be living in the shadows waiting to be brought to the CIA or NSA and forced to do their bidding or thrown in jail. I think projects like the links below open our minds to nefarious thought and it is always good to protect yourself by understanding the dark side thinking. Kali Linux is just the type of platform for this education.
Social Engineer Toolkit (SET) - Security Through Education

|   |
|   |  |   |   |   |   |   |
| Social Engineer Toolkit (SET) - Security Through Educati...The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://ww... |
|  |
| View on www.social-engineer... | Preview by Yahoo |
|  |
|   |


Teensy USB HID Attack Vector

|   |
|   |  |   |   |   |   |   |
| Teensy USB HID Attack VectorThe Teensy USB HID Attack Vector is a remarkable combination of customized hardware and bypassing restrictions by keyboard emulation. Traditionally when you insert ... |
|  |
| View on theonemarch.wordpr... | Preview by Yahoo |
|  |
|   |

 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.triembed.org/pipermail/triembed_triembed.org/attachments/20150605/5742eb36/attachment.htm>

More information about the TriEmbed mailing list