Project Summary

In security, I have always heard to never plug in random thumb drives that are not yours. I want to better understand the dangers associated with using rogue USBs and what these devices are actually capable of doing. After all, it’s just a USB device, right? I also want to build my skills with scripting and using the Windows command prompt and PowerShell.

This project was extremely insightful and a video of the end result can be found here. With the USB Rubber Ducky, the only limitation is the attacker’s creativity. In this project, I successfully:

• Created a basic script/payload.

• Loaded the payload on the Rubber Ducky

• Tested the payload on the victim.

• Found a reverse shell command for both attacker and victim machines.

• Tested the reverse shell connection.

• Disabled Windows Defender

• Scripted a new payload with the reverse shell command.

• Loaded the payload on the Rubber Ducky and tested it on the victim.

• Uploaded malware from the attacking device to the victim.