AVR/V-USB combo tool hacks Win 7

András Veres-Szentkirályi, IT security expert, OSCP, GWAPT, writes, “I’ve built a device that acts as a USB HID keyboard, enters a script as a series of keystrokes into a PC, which can extract itself into an executable. This in turn can send files on the PC back to the device using the NUM/CAPS/SCROLL lock LED status reports, so it can be used to transfer files into and out from PCs that are locked down, so that only a display/keyboard/mouse can be connected to it.” He built this device as part of a presentation at the recent Hacktivity 2012 conference. The presentation slides can be downloaded as a 16-page PDF from the Silent Signal homepage.

The whole story can be found in on András VSzA techblog along with links to all the source code and schematics.

Via the contact form.

Join the Conversation

1 Comment

  1. From his website…. receive “1.24 effective bytes per second”…

    uhhh it will take him a long time before he gets hands on my very special image collection. ;)
    But an interesting side attack… hard to handle by normal means… what will you do? Prevent usage of Mouse and Keyboard. Hmm in the long run this might lead to the fact that we only can used “signed” hardware… double as expensive and only from the big makers who can afford the licences fee to let it sign by Apple and Microsoft.

Leave a comment

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.