Presentation Material
Abstract
Videos for the talk are linked below
The title of the talk is “inspired” by an answer to a question from a famous Hindi movie which needs no introduction. In that timeless drama, a brother boasts of his assets and makes a mockery of his brother by asking him about the assets he owns, a difficult question but with a very simple answer. We as hackers and penetration testers are asked the same question, time and again during our engagements. Whenever we are unable to get into a system we are being asked the same question, whenever an AV blocks or kicks us off a system we are being asked the same question, whenever we have to leave some systems out of pwnage as they are too fragile and/or valuable to be exploited using memory corruption bugs we are being asked the same question. Do we have an answer? Yes we do, we have Teensy.
Teensy, which is a USB micro-controller device, can be used as a keystroke dongle and can be programmed to “type” commands and use the mouse when a specific condition is met. All you need to do is to program commands into the device, connect it to a system using a USB port and you will see commands being sent. Much work has been done on Teensy, with some really great things done with this.
This talk focuses on the usage of Teensy in a penetration test. You will see how easy it is to pwn a machine using Teensy with just a few keystrokes. Some intuitive attack methods and payloads will be demonstrated. We will have a look at how fabulously Teensy goes through the instructions provided. We will also go through some steps in tutorial mode so that you can program your own Teensy device. This is a relatively new attack vector and needs attention and community contribution. The talk will be full of live demos.
AI Generated Summary
The talk addresses a common challenge in penetration testing: gaining access to systems when traditional software exploits are unavailable, ineffective, or prohibited due to production environment constraints. It proposes the use of a Teensy microcontroller device (specifically the TNC 2++) as a practical alternative for compromising highly secured environments.
The core technique involves programming the Teensy, a small USB device that emulates a keyboard, to automatically execute a sequence of keystrokes upon being plugged into an unattended, unlocked workstation. This allows an attacker to bypass network-based defenses and application-level mitigations by interacting directly with the operating system’s user interface. A demonstrated payload targeted Windows 7, simulating the keystrokes needed to open a command shell with administrative privileges (bypassing UAC prompts via automated ‘Alt+Y’ presses) and subsequently adding a new user to the local administrators group. The device’s small form factor facilitates physical deployment, such as leaving it in a parking lot or plugging it into a machine during an internal engagement.
The practical implication is that even in environments with robust patch management, application whitelisting, and exploit mitigations, the human factor and physical access remain critical vulnerabilities. A programmable HID device can provide a reliable, low-tech path to initial access or privilege escalation when software-based attack vectors are blocked. The tool’s effectiveness hinges on the prevalence of unlocked, unattended workstations and the general lack of policies that completely disable USB ports or block unidentified HID devices. This approach underscores the need for security controls that address physical security and user session management with equal rigor to network and application hardening.
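A detection-side sketch of the point above, added here as an example and not taken from the talk: it correlates a newly enumerated keyboard device with the account changes the demonstrated payload makes (new user, addition to the local administrators group) on the same host shortly afterwards. Event IDs 6416, 4720 and 4732 are the Windows Security log IDs for those actions; the flattened event fields, the 60-second window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: 6416 = new external device recognized (requires
# "Audit PNP Activity"), 4720 = user account created, 4732 = member added to
# a security-enabled local group.
DEVICE_EVENT = 6416
ACCOUNT_EVENTS = {4720, 4732}
WINDOW = timedelta(seconds=60)  # assumed correlation window, tune per environment

# Constructed sample events; field names are a simplified, assumed schema.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:05", "host": "WS-01", "id": 6416, "class": "Keyboard"},
    {"time": "2024-01-10T09:00:21", "host": "WS-01", "id": 4720, "target": "svc_tmp"},
    {"time": "2024-01-10T09:00:24", "host": "WS-01", "id": 4732, "target": "svc_tmp"},
    {"time": "2024-01-10T09:30:00", "host": "WS-02", "id": 6416, "class": "DiskDrive"},
    {"time": "2024-01-10T09:30:10", "host": "WS-02", "id": 4732, "target": "alice"},
    {"time": "2024-01-10T11:00:00", "host": "WS-03", "id": 6416, "class": "Keyboard"},
    {"time": "2024-01-10T13:00:00", "host": "WS-03", "id": 4720, "target": "bob"},
]


def correlate(events, window=WINDOW):
    """Return alerts for account changes that follow a new keyboard within `window`."""
    last_keyboard = {}  # host -> time the most recent keyboard device was enumerated
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == DEVICE_EVENT and ev.get("class") == "Keyboard":
            last_keyboard[ev["host"]] = ts
        elif ev["id"] in ACCOUNT_EVENTS:
            plugged = last_keyboard.get(ev["host"])
            # Only alert when the account change closely follows the device arrival.
            if plugged is not None and ts - plugged <= window:
                alerts.append({
                    "host": ev["host"],
                    "event_id": ev["id"],
                    "target": ev["target"],
                    "seconds_after_plug": int((ts - plugged).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The same correlation can be extended to elevated process creation events when command-line auditing is enabled.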