Using the Teensy for so much more...

BSidesLV 2011

Presented by: Joshua Kelley (winfang98), David Kennedy (Rel1k)
Date: Wednesday August 03, 2011
Time: 12:30 - 13:30
Location: Track 1
Track: Track 1

The Teensy USB HID device is something that has gained a ton of momentum for penetration testers. Last year at BSIDESLV we released code for the Teensy device for staged downloaders to be executed and compromise the system all through a USB HID interface, which circumvents autorun capabilities, as part of The Social-Engineer Toolkit (SET). This year we stepped up our game a bit more and figured out how to deploy full PE files all through the Teensy HID device and keyboard emulation. There were some major restrictions when leveraging the Teensy; most importantly, the ability to process large strings and store them in EPROM for execution simply didn't work. As part of this release, we have written a memory management component to the Teensy device that allows successful execution of large string-based code execution (or binary files). This means we no longer need a staged downloader approach and never a connection back if we don't need it to compromise the affected machine. The ability to deploy executables without ever mounting any type of SDCARD or media device is unique and circumvents all USB autorun-based restrictions on a machine. This new addition will be included in a version of the Social-Engineer Toolkit that will be released at BSIDESLV.

