Ducky-in-the-middle: Injecting keystrokes into plaintext protocols

Esteban Rodriguez

Length: 20 Minutes

Location: Track 3 at 930

Talk Description: This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, and iOS app to use a iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse this protocols to send keystokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation.

Bio: I am a Security Consultant at Coalfire Labs. I primarily perform network and web application penetration testing. I worked previously at Apple Inc performing intrusion analysis and incident response. Outside of work I blog at n00py.io and perform independent security research. I have authored multiple penetration testing tools and have presented at Bsides Puerto Rico covering penetration testing techniques.


Back to Schedule