Ducky-in-the-middle: Injecting keystrokes into plaintext protocols

BSidesROC 2018

Presented by: Esteban Rodriguez
Date: Saturday April 14, 2018
Time: 09:30 - 09:50
Location: Track 3

This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, and iOS app to use a iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse this protocols to send keystokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation.

Esteban Rodriguez

I am a Security Consultant at Coalfire Labs. I primarily perform network and web application penetration testing. I worked previously at Apple Inc performing intrusion analysis and incident response. Outside of work I blog at n00py.io and perform independent security research. I have authored multiple penetration testing tools and have presented at Bsides Puerto Rico covering penetration testing techniques.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats