Team 10 is developing Pen-Pi, a cybersecurity device that can be used for vulnerability testing. In the current cybersecurity tool market, tools such as Rubber Duckies or Bash Bunnies are small devices that can only perform a single type of test per device. Cybersecurity professionals and penetration testers need to carry multiple testing devices to perform a full analysis. Pen-Pi is designed to fill the need for powerful tools in a compact and easily concealable package that can be preloaded and ready to execute a variety of tests, all in only one device.
Here is a list of resources related to the project that the team has found useful:
Problem Domain Book
Hacking Experiment by Using USB Rubber Ducky Scripting
This first article is a hacking experiment using USB rubber ducky scripting. This is a great background article for becoming aware of how keystroke injection attacks are possible and how they've developed. It explains in great detail how to design a rubber ducky, the methods it employs, and how the scripting language works; it also introduces a password-extracting program called Mimikatz and covers the differences between the new Windows 10 operating system and Windows 7. Team 10 found this article to be very useful for our initial research.
We got this article from: http://www.iiisci.org/journal/CV$/sci/pdfs/ZA340MX17.pdf
Hardware Trojan Horse Device Based on Unintended USB Channels
This second article is about how USB can fall victim to a hardware trojan horse. It explains the inherent lack of HID device regulation in computers, and how that can be exploited for malicious attacks. The article outlines timing experiments with various USB interfaces, such as keyboard, mouse and speakers. This article goes into a lot of detail on theory and calculations, and Team 10 has found it to be a helpful source of information about how to measure the effectiveness of the device that we build.
We got this article from: https://pdfs.semanticscholar.org/492b/acfe74eacc5266a3dfc1b789f72cf1a16434.pdf
Exploiting smart-phone USB connectivity for fun and profit
This final article takes a slightly different approach to the use of USB for exploiting devices, and explores it in smartphones. This article is a few years old, but still relevant because now almost all smartphones use some form of USB for charging and syncing. The operating systems on smartphones are just as vulnerable, and could be physically easier to infect, as phones may be found unattended on a table or elsewhere.
We got this article from: https://cs.gmu.edu/~astavrou/research/acsac10.pdf