CS426: Senior Projects in Software Engineering
Team 10

Ignacio Astaburuaga, Edgar Fyodorov, Carter Stoffel, Kendall Noraas

Senior Projects in Computer Science, Spring 2019
University of Nevada, Reno, CSE Department

Instructors: Sergiu-Mihai Dascalu and Devrin Lee
External Advisor: Bill Doherty, UNR Cyber Security Faculty

Pen-Pi
For Vulnerability Testing


Team 10 is developing Pen-Pi, a cybersecurity device that can be used for vulnerability testing. Currently, in the cybersecurity tool market, tools such as rubber duckies or bash bunnies are small devices that can only perform a single type of test per device. Cybersecurity professionals and penetration testers need to carry multiple various testing devices to perform a full analysis. Pen-Pi is designed to fill the need for powerful tools in a compact and easily concealable package that can be preloaded and ready to execute a variety of tests, all in only one device.

Technologies Used


                                                 
                                            


Resources

Here is a list of resources related to the project and that have been found useful by the team:

Problem Domain Book



Hacking Experiment by Using USB Rubber Ducky Scripting
This first article is a hacking experiment using USB rubber ducky scripting. This is a great background article for becoming aware of how keystroke injection attacks are possible and how they’ve developed. It explains in great detail how to design a rubber ducky, the methods it employs, how the scripting language works, introduces a password extracting program called Mimikatz, and even the differences between the new Windows 10 operating systems compared to Windows 7. Team 10 found this article to be very useful for our initial research.

         We got this article from:          http://www.iiisci.org/journal/CV$/sci/pdfs/ZA340MX17.pdf

Hardware Trojan Horse Device Based on Unintended USB Channels
This second article is about how USB can fall victim to a hardware trojan horse. It explains the inherent lack of HID device regulation in computer, and how that can be exploited for malicious attacks. The article outlines timing experiments with various USB interfaces, like keyboard, mouse and speakers. This article goes into a lot of detail for theory and calculations, and Team 10 has found it to be a helpful source of information about how to measure the effectiveness of the device that we build.

         We got this article from:          https://pdfs.semanticscholar.org/492b/acfe74eacc5266a3dfc1b789f72cf1a16434.pdf

Exploiting smart-phone USB connectivity for fun and profit
This final article gives a slightly different approach to the use of USB for exploiting devices, and explores it in smartphones. This article is a few years old, but still relevant because now almost all smartphones use some form of USB for charging and syncing. The operating systems on smartphones are just as vulnerable, and could be physically easier to infect, as phones may be found unattended on a table or somewhere.

         We got this article from:          https://cs.gmu.edu/~astavrou/research/acsac10.pdf