Ducky

Medium / Digital Forensics

Overview

An employee found a USB drive in the parking lot and plugged it into his work PC. That is how we got hacked. Can you find the domain from which the attack continued? Flag format: flag{*******.******.**}

Lab Details

Prerequisites & Requirements

  • Intermediate Wireshark Proficiency: A solid understanding of Wireshark's advanced features, including applying complex display filters, following USB conversations, and interpreting various USB protocol data units.

What will you learn?

  • Analyze USB HID Traffic: Develop skills in examining captured USB Human Interface Device (HID) traffic to identify and interpret emulated keystrokes from devices like Rubber Duckies.
  • Reconstruct Malicious Keystrokes: Learn techniques for extracting and reconstructing the command-line input and scripts typed by a keystroke-injection device that presents itself to the host as an ordinary keyboard.
  • Identify Attacker Infrastructure: Pinpoint the external command and control (C2) domain or IP address the attacker used, based on the reconstructed keystrokes.
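The three skills above are the steps of one procedure: pull the keyboard's 8-byte boot-protocol reports out of the capture, turn them back into text, then look for infrastructure in that text. The following script is an added example written for this page (not the lab's own solution or code from the lab author). It assumes the reports have already been dumped as one hex string per line, which is what tshark produces with `tshark -r capture.pcap -Y 'usb.transfer_type == 0x01' -T fields -e usbhid.data` (older Wireshark releases expose the same bytes as `usb.capdata`); in a real capture you would also narrow the filter to the keyboard's own device address. The embedded reports, the typed commands and the domain `c2.example.net` are all constructed for the example and have nothing to do with the lab's answer. The keycode table assumes a US layout.

```python
import re

# Constructed sample: 8-byte HID boot-keyboard reports as tshark prints them
# (byte 0 = modifier bitmask, byte 1 reserved, bytes 2-7 = up to six held keys).
# All values below are made up for this example, not taken from the lab capture.
SAMPLE_REPORTS = (
    "0800150000000000 0000000000000000 "                                    # GUI+r, then all keys released
    "0000130000000000 0000120000000000 00001a0000000000 0000080000000000 "  # p o w e
    "0000150000000000 0000160000000000 00000b0000000000 0000080000000000 "  # r s h e
    "00000f0000000000 0000000000000000 00000f0000000000 0000280000000000 "  # l, release, l, Enter
    "0000000000000000 "                                                     # release
    "00000c0000000000 00001a0000000000 0000150000000000 00002c0000000000 "  # i w r <space>
    "00002d0000000000 0200180000000000 0000150000000000 00000c0000000000 "  # - Shift+u r i
    "00002c0000000000 0000060000000000 00001f0000000000 0000370000000000 "  # <space> c 2 .
    "0000080000000000 00001b0000000000 0000040000000000 0000100000000000 "  # e x a m
    "0000130000000000 00000f0000000000 0000080000000000 0000370000000000 "  # p l e .
    "0000110000000000 0000080000000000 0000170000000000 0000280000000000 "  # n e t Enter
    "0000000000000000"                                                      # release
).split()

# HID usage IDs (keyboard/keypad page 0x07) -> (unshifted, shifted), US layout.
KEYMAP = {
    0x28: ("\n", "\n"), 0x2a: ("<BS>", "<BS>"), 0x2b: ("\t", "\t"), 0x2c: (" ", " "),
    0x2d: ("-", "_"), 0x2e: ("=", "+"), 0x2f: ("[", "{"), 0x30: ("]", "}"),
    0x31: ("\\", "|"), 0x33: (";", ":"), 0x34: ("'", '"'), 0x35: ("`", "~"),
    0x36: (",", "<"), 0x37: (".", ">"), 0x38: ("/", "?"),
}
for i, ch in enumerate("abcdefghijklmnopqrstuvwxyz"):
    KEYMAP[0x04 + i] = (ch, ch.upper())
for i, (digit, sym) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1e + i] = (digit, sym)

SHIFT_MASK = 0x02 | 0x20  # left and right Shift bits of the modifier byte
OTHER_MODS = ((0x01, "CTRL"), (0x04, "ALT"), (0x08, "GUI"),
              (0x10, "CTRL"), (0x40, "ALT"), (0x80, "GUI"))


def parse_reports(lines):
    """Yield (modifier, [held keycodes]) from hex lines; tolerate 'aa:bb:..' form."""
    for line in lines:
        hexstr = line.strip().replace(":", "")
        if len(hexstr) != 16:
            continue  # not an 8-byte boot-keyboard report (e.g. descriptor traffic)
        raw = bytes.fromhex(hexstr)
        yield raw[0], [k for k in raw[2:8] if k]


def decode_keystrokes(lines):
    """Rebuild typed text. A key is emitted only on the report where it first
    appears; while it stays held it is repeated in every report, and a key
    typed twice in a row (e.g. 'll') shows up as press, release, press."""
    out, held = [], set()
    for mod, keys in parse_reports(lines):
        shift = bool(mod & SHIFT_MASK)
        mods = list(dict.fromkeys(n for bit, n in OTHER_MODS if mod & bit))
        for k in keys:
            if k in held:
                continue  # still held since the previous report: no new press
            base, shifted = KEYMAP.get(k, (f"<0x{k:02x}>", f"<0x{k:02x}>"))
            ch = shifted if shift else base
            out.append(f"[{'+'.join(mods)}+{ch}]" if mods else ch)
        held = set(keys)
    return "".join(out)


DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def extract_domains(text):
    """Return the distinct domain-looking tokens in the reconstructed text."""
    return sorted({m.group(0).lower() for m in DOMAIN_RE.finditer(text)})


if __name__ == "__main__":
    typed = decode_keystrokes(SAMPLE_REPORTS)
    print(typed)
    print("domains:", extract_domains(SAMPLE_REPORTS and typed))
```

Feeding the script real tshark output usually surfaces two practical snags the sample already exercises: a report that simply repeats a held key must not be emitted twice, and a doubled letter only decodes correctly if the all-zero release report between the two presses is kept, so do not filter out "empty" reports before decoding. Modifier-key combinations such as Win+R are rendered in brackets so the sequence of dialogs the payload opened stays visible alongside the text it typed.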

Tools

  • Wireshark: An indispensable network protocol analyzer for dissecting and interpreting USB packet captures.

Tags

Network Forensics, Packet Capture, Wireshark, USB Device History, OS Artifacts