Presentation Material
Abstract
Videos for the talk are linked below
The title of the talk is “inspired” from an answer to a question from a famous Hindi movie which needs no introduction. In that timeless drama, a brother boasts off his assets and makes a mockery of his brother by asking him about the assets he owns, a difficult question but with a very simple answer. We as hackers and penetration testers are asked the same question, time and again during our engagements. Whenever we are unable to get into a system we are being asked the same question, whenever an AV blocks or kicks us off a system we are being asked the same question, whenever we have to leave some systems out of pwnage as they are too fragile and/or valuable to be exploited using memory corruption bugs we are being asked the same question. Do we have an answer? Yes we do, we have Teensy.
Teensy which is a USB Micro-controller device can be used as a keystroke dongle and can be programmed to “type” commands and use mouse when a specific condition is met. All you need to do is to program commands into the device, connect it to a system using USB port and you will see commands being sent. Much work has been done on Teensy, with some really great things done with this.
This talk focuses on usage of Teensy in a Penetration Test. You will see how easy it is to pwn a machine using teensy with just a few keystrokes. Some intuitive attack methods and payloads will be demonstrated. We will have a look on how fabulously teensy goes through the instructions provided. We will also go through some steps in tutorial mode so that you can program your own teensy device. This is a relatively new attack vector and needs attention and community contribution. The talk will be full of live demos.