
Isaac Privett

BSides Calgary | 51:56 | 60 views | Published 2024-03

[Music] Hi everyone, how's it going? Um, my name is Isaac Privett, um, and we're gonna talk about my presentation called Silent but Deadly, and it's, uh, using ultrasonic sound as a means for exfiltrating data. So essentially I'm going to show a couple demos, we're going to go through a little bit of history, um, and some research that I went through, and then I'll show you a video demonstration and stuff like that, um, we'll get to it. But a little bit about myself: I'm a professional penetration tester for, uh, second Labs, um, it's a penetration testing, uh, firm out of, uh, Mississauga. Um, I'm new to the game, um, I graduated from SAIT not too long ago

and we were at the information system security um and

and, well, hopefully there's, I'm sure there's some purple team people in here too, but, um, hopefully this, uh, talk will help a little bit of both. Um, red team, I'm hoping it gives you a little bit of, uh, food for thought and maybe finding some interesting ways of, uh, circumventing air gap systems and stuff like that, and blue team, maybe to think about some other avenues that you can be attacked, um, because not all data exfiltration happens over the internet. So if you have your SIEM, um, alerts only looking for that kind of thing, something like this could, uh, fly underneath the

radar. Okay, so, um, to start off, um, I'm gonna just, uh, give a couple demos, um, just something exciting to, uh, kind of get us thinking about it. So I'm going to play a little script on this computer right here and I want anybody to raise their hand if they can hear it. Anybody hear that? No? Well, interestingly enough, um, I've got a little frequency analyzer and you can see these little dots here, right here. You can hear it? Barely hear it? Yeah. So it's using, um, usually I go up to 20, uh, 20 kHz for this, but this is actually at 17, which is within the realm of some people's hearing, some people's not. Mine

not, because I went to a lot of concerts and stuff like that and you ruin your hearing, but you can see it right here, it's, these are dots, and it's actually spitting out binary that, um, I could theoretically record with just any, just a WAV binary, uh, a WAV recorder, and then I can recreate this data later. So right now it's actually, um, telling everybody my, uh, saved Wi-Fi details, so all my passwords and stuff like that for my Wi-Fi. So if you want to try to record this and recreate it, you can, if you

want secretive this can be, because if you do this on a system that's air-gapped and it's playing, no one's going to know the difference because it'll play in the background. Um, I've got it to where it'll, um, it's a script that will automatically run when your computer starts and it'll start chirping off details from your computer, whatever I'm looking for, and it'll chirp it off and I could record it. Um, I've tested it out, I can record it from outside the room, so if I get it on your computer and I'm standing outside the room, I can just record it on my phone, take it home, recreate the

data now I've got the data and it doesn't even go onto the internet so so it's kind of fun to do stuff like that and I've been doing a lot

of my computer anybody see this doing anything no it's just a command prompt not doing anything right actually what it's doing right now is very subtly changing the

screen. It's saying hello in binary right now. I'll, uh, show you, I'll show you a version of it where

um I'll show you a version with it a little bit

like a 20% difference and you can see this screen going like that so so now it's like so now you can see what's happening as opposed to before

where knowing what's happening and it's hard to tell the difference because your eyes are constantly adjusting to the light so it looks to you to me when I'm at the computer

like that's line the side of your computer so these are different techniques that um people can use and I've been studying sorry there we go

and this is kind of like a little, uh, little bio of what we're going to go through. First we're going to do our intro, I did the demos, and we're going to go over a little bit of research, try to learn something, I guess, um, and it'll be just kind of like a basic background for people who aren't familiar with side-channel techniques, and then I'm going to go over, um, kind of like methodology of how you would, uh, do an attack like

this because little crashed, but, um, it's some the techniques that you can deliver this payload, um, strategies of doing it, and then I'm going to talk about data reconstruction: what do you do after you record all this data, like how do you get it back to make something useful? Because I don't know about you, but most of us can't read binary, right? Like, I mean, can after a while, but, and then we'll talk about lessons learned. Okay, so we have this problem: if a system isn't connected to the network, how do we exfiltrate data from it?

um, stuff like that, um, and they intentionally air gap these systems because they think that it makes them immune to attack. Um, unfortunately we know from history that's not necessarily the case, it makes it more difficult, um, and with my technique there are ways to, uh, circumvent air gaps and get data from it. Okay, and what are side-channel attacks? Side-channel attacks exploit indirect information, such as physical emissions or system behavior, to gain insights into a system's operation and

extract different techniques um but side Channel attacks a lot of people think of them as like they happen mostly in labs and so you when you're reading about different about side channeling techniques a lot of them like there was one that came out not too long ago

ultrasonic sound to exfiltrate data but they didn't a lab and they only could do it from a very short period way way, like they can only get the data from, like, let's say this distance from the laptop or a computer, um, and there are reasons for that, like some people I think

they to it [Music]

but surface right um and your motherboard speaker I'm sure you've heard it like I don't know I've been playing with the computer since I was a kid and I've broken something and it goes beeping at you that's your uh that's your motherboard speaker and most speakers have the ability to um play sound ultrasonic level um

still, and especially air gap systems are typically, um, older systems, like legacy systems, and they do. Um, so what happens with my script is it will look for first your computer speaker and then AO it'll automatically default to that, but then if it doesn't see that it'll use your motherboard speakers. Um, the external speakers are louder, so those are typically ones you can hear outside of a room, but your motherboard speaker can be pretty loud, so you can probably hear it on the ultrasonic sound maybe the distance of that

sign um I don't know how many people use apple uh we use them for work but it also works on your uh iPhone um and basically it's a side Channel technique that um it's vulnerable Safari I use a webkit and Safari and they're able to get your um your sensitive data from like your Gmail passwords and all that stuff like that um using this and it just came out I think it just came out like last month so it uses if you want to look it up um it's it also uses the Spectre technique I'm not going to go into the detail as far as that what that is but Google it um it's really really cool and I find

all these side Channel techniques really awesome because it's it's something different from just like banging away keyboard and trying to like get root on a system right this is a little bit more fun okay if I can get my here we go so here's a list of different side channel uh techniques out there um I'm sure there this isn't a comprehensive list by any means um I'm sure the NSA and stuff like that has all kinds of different ways

actually people use this in web a lot of times like you'll send password test brute for trying to Brute Force passwords and stuff like that and you can use timing attacks um to see like how long it takes some of this stuff

and as well, uh, with side-channel techniques, um, power analysis, um, basically you look for subtle changes in power as your, um, as the system is, um, doing like hashes and stuff like that, and, um, I'll talk about it in a minute, um, on how they do that. They, uh, basically look at how much power your CPU draws and you can actually, um, use that to crack hashes, and it's pretty interesting. Um, they look at electromagnetic emissions, um, like displays. Um, there's really cool ways that you can, uh, use like SDRs to look at, um, monitors and look at the electromagnetic waves and you can recreate the monitor. I've actually done it at

home. Oh, you know this one? I don't remember, yeah, it's called Van Eck radiation, um, and I don't know off the top of my head, but I have played with it with my SDR. Um, it's really cool if you can set it up, get it working, because it's like a black and white [Music]

view C you look at the C, you can mess up the cache, you can look at fault analysis and thermal attacks, which is also really cool, like heat traces, like you can have a heat, uh, thermal camera pointed at a keyboard and basically use it as a key logger based upon the, there's all kinds of different ways that you can, uh, side channel and use it to, um. So coming to the end of the research, um, this is a little bit about the history of side-channel attacks. Um, they go all the way back to 1943 when the British intelligence was trying to crack the Enigma code with Enigma machines and they actually hired special listeners

that knew that could come up with a sound to help with uh they listen to the machines and help decide help them figure out what settings the [ __ ] machine machine

was and then um we had the Tempest project um and from the 1960s that was when the NSA um just really got into it uh looking at side channeling look at different electromagnetic um emissions the machines uh give off and they were able to use that to basically recreate data and detect what's going on and actually that's a lot of the reason nowadays why we have the shielded uh wires and stuff like that because unshielded wires give off um electrom magnetic radiation and you can use that to see what's going through the wire essentially and then when we get to a digital age uh this guy right here Paul Coker he was really really cool and I've read some of his

papers. Um, he, uh, used timing attacks to, uh, crack, uh, RSA keys and Diffie-Hellman and stuff like that, uh, sorry, and then he used differential power analysis as well, um, to do the same thing, and it is really cool to read that research because you see where they trace the, uh, power analysis on the power analysis one and there are a bunch of graphs in a row and they keep sending this similar stuff and they look at the difference on the graphs and they're able to use that to crack like 128-bit keys and stuff like that. And so what they do is, because those keys are so difficult, they break up the keys in

little parts, and so they only crack parts, the certain bytes of the key, and then they put it all back together and then they crack those keys. It's really, really cool, so I highly recommend you guys, if you have time, to do a little bit of research on it, especially this paper right here, that one is really, really cool. And then in the 2000s we get cache attack surfaces, and then acoustic cryptanalysis gains a little bit of traction, and then it moves into what I've been into, the ultrasonic side-channel attacks, and like I said, the CASPER technique just came out, uh, this past year from a South

Korea team, um, and it does something very similar to what I'm going to show you guys today. Okay, um, what is ultrasonic sound? Does anybody know the definition? Well, I guess it's right there, but, um, anyway, uh, I turned off the animations because I thought they were kind of distracting. Um, the human ear can hear between 20 Hz and 20 kHz under ideal circumstances, this showman here was the beeps earlier, but, um, unfortunately as we get older a lot of our hearing gets damaged from loud noises, loud music, airplanes, whatever, you know, it reduces our, uh, spectrum that we can hear. Um, interestingly enough, like, I tested on my son and he can hear almost all the

way up to 20 kHz but I can only hear to about 16 kHz, so it gives a lot of room to play, um, because ultrasonic frequencies technically start at 20 kHz, but the technology that we have that you can buy doesn't necessarily pick up much above the 20 kHz range, so it really is beneficial to play off people's messed up hearing, um, that you can extend that range and you can use that to your advantage. Because I just played the sound in binary, but if you want to make your own protocol to, um, make the jumps in the range, like, smaller, you can play the data faster, because right now with

the binary data it's, it's decently slow, it would probably take about 10 minutes to send all my Wi-Fi data out, so that's a long time to record, but if you play with the spectrum a little bit you could probably increase that by three, four times if you spend the time doing so. So I played with it a bit and, um, I played with buying little microphones and stuff like that and different speakers to play with it, but most will go up to the 20 kilohertz right off the shelf. Yeah, what's

up? That actually would be a great idea, he's like D I hear it, I hear it. Know how accurate it would be is the problem. Um, yeah, so most, uh, most stuff you can buy will go all the way up to the 20 kHz and some will go up to 21, and you can actually look at the specs of the microphones and stuff like that that you're buying to see how far it goes, and you can get some that will go up higher but they're pretty expensive, but I did find some, like, on Digi-Key and stuff like that, they're little tiny, tiny guys and you can barely see them, so if you're wanting to

weaponize this like make your own little um device you can buy a little microphone and put it down there it doesn't need to to connect to the internet because all it has to do is play that sound off right yeah what's

up? Um, it's just straight stream, because it's an air-gapped system, um, and I'll explain a little bit more later, it's not a two-way street. You get the script running on the system that you're looking, that gets the data and it plays it and you're supposed to be around to hear it or record it or whatever, it's not back and forth, and the reason why is it's more stealthy that way, right? You get it on the system, it starts doing its thing and there's nothing really for someone to detect after that point, right? It's just playing a, I used a PowerShell script to do most of the stuff and I'll explain why, um, but it

just, it's like set it and forget it, it just goes and does its thing and there's nothing for, like, a sysadmin or something like that to detect unless they can, like this guy, he can hear all the way up to 20, right? Okay, and the last research slide here that I have is, uh, okay, what is ultrasonic data exfiltration? And it's pretty self-explanatory at this point, like, you essentially use ultrasonic sound and you can either have it play binary or whatever, however you want to create the, uh, script, um, but you just play these sounds and you've got a, and it's gonna be giving away data and you have to have a

way to record the sound and do it later. I mean, I haven't personally made a script that will do it in real time, um, that sounds like a future thing to do, but, uh, and sounds really difficult, but, um, it would be possible to do it real time, but, um, the easiest way for us is just to record it later. Okay, so now we know what we're wanting to do, how do we get the payload onto the system, right? That's always the trick. Um, I came up with three different realistic ways of getting it onto, um, an air-gapped system, I'm sure there's more. Um, the first one, I don't know if you've heard of it, it's called

MouseJack, it is super, super fun. Um, it's using a device, I use a device called a Crazyradio, you can get them online and they have an awesome range, like, I think it's like over 100 meters away, and so what it, um, takes advantage of a vulnerability in wireless mice, so if you have a wireless mouse you might want to look into this, um, and it basically hijacks your wireless mouse dongle, you know, that little USB you plug into the side of your computer, it hijacks that and it will play keystrokes

in um

Windows, it'll start, Windows thinks you're typing when it's actually my Crazyradio typing my script on your computer. So that's why I like it so much, because you can do it from, I'll show a video demonstration of us doing it outside a room, you can do it from pretty far away, it's a lot of fun. But if they don't have a wireless mouse you can use something called a BadUSB, um, also known as a Rubber Ducky, plug it in there and, um, if you get physical access to the air gap system it'll automatically be typing out your script for you, or you can just use a modified USB that does something, uh, very similar. Again, my

preference is mouse jacking because I think it's cooler and I'm always going for what's cooler, right? Okay, so I broke this delivery up into eight steps. Um, basically the first thing you need to do is find your target. Um, when you're using mouse jacking, um, you can use a program called bettercap, it's, uh, open source software, you can get it on, uh, Linux, it's really cool, um, and you can use it to listen for vulnerable mice out there. I actually tested it out when I was in school, um, I went into the library and just turned on bettercap just to see how

many mice out there, uh, were vulnerable to this and there were quite a few. I didn't actually send anything to anybody because it's illegal. Yeah, it was me. No, um, yeah, um, but yeah, so it's very prevalent, like, I actually found a mouse, like one of the top wireless mice on Amazon, actually the first result, is vulnerable to mouse jacking. Uh, yes, actually, yep. Um, and the problem is with these cheaper wireless mice, the manufacturers, it's more expensive to fix it as opposed to just leaving it the way it is. There are patches out there, if you have a wireless mouse that is vulnerable a lot of companies do provide a patch, go

look it up if you think that, um, it's vulnerable. Anyway, so then the next step, now that you know which your target is, you inject the malicious script with bettercap, and what that does, it works like a wireless version of a Rubber Ducky, starts injecting keystrokes into the victim machine. And the reason why this next step is PowerShell, I chose PowerShell because Windows no longer comes with a built-in compiler and so these systems that I'm targeting are air, you can't download a compiler. Um, old versions of Windows do have Visual Basic and theoretically you could type and compile up a Visual Basic script if

it's a very old Windows machine, but those aren't out there as much anymore, so I found the best delivery method for this attack is actually PowerShell. So you can use this to start, um, injecting script, uh, open up your PowerShell screen and start basically typing a PowerShell script like you're sitting at the keyboard, but you can do it from 100 meters away, which is really, really cool. Um, the next step in this is volume control, that's really important because, um, the best way to run the script, it works both in regular PowerShell and admin PowerShell, but my favorite part of the script actually runs in admin PowerShell because I make it persistent on

the system, right? If you're only wanting to run the script once you don't have to go through the, uh, the admin PowerShell or the volume control, but what happens when you go from regular PowerShell to admin PowerShell? Anybody know what happens? It makes a loud noise, it goes beep or whatever that beep noise is that Windows does. So my script actually turns the volume down on the computer to zero when it's bringing up admin PowerShell and then it'll bring it back up to zero, up to 100, after it goes into the admin PowerShell, you won't be able to hear your sound, right? So that's those next two steps, and then the script starts playing

the ultrasonic sound, and so it's detectable by microphones, a lot of different kinds of microphones, your phone, have your phone nearby, you can just stand outside in the hallway and you'd be able to pick it up. And so it starts beeping and it'll beep through in binary what data you're looking for off this system. What's

up? I did not, I guess it does, anyway, that's cool, uh, yeah, yeah, I guess so. Um, so then you record the data and then you take the data, the file, which ends up being a WAV file, and you, um, use my script and it recreates the data back to what it was, and it's basically, you can essentially, uh, pull it up on PowerShell and see what your Wi-Fi data is and it prints it out on the screen, and then the end result, I'll show you, it prints out the exact same thing, so it's really cool. Okay, so the delivery of the script works on two layers and I kind of explained it

already you have to have the ducky script which I'll go into ducky script a little bit and then a screenshot down uh down the road and then you have to have the code that's the Powershell script that actually runs on the machine so it's it's like a double layer sword there and you can modify it to however you want like I have it currently to do Wi-Fi data but you as long as you can find information via Powershell on the system you can you can use modify the script really easily to do whatever you want and then there's the execution which um that's the fun part is when it actually runs on the uh this victim

machine, and there's ways to go around it to where you can obfuscate what you're doing to make sure that it makes it less likely, because you don't want someone to look over at the machine, the air gap system, and be like, oh man, what's going on over there? So there's ways around to make it less noticeable.

up hey it depends on what data you're looking for um but let's say this machine right here if it's beeping off its um all its W it's data um I I've gotten it up to about it takes about eight minutes or so to reliably get

it long file that it sends out but it's it does take a little bit of time so that's what I was saying when you can buy little microphone devices and leave it in the room theoretically if you could do that and just peace

out, uh, but yeah, it doesn't have to be as quiet as you expect, right? Okay, so ducky script, has anybody around here played with ducky script? Yeah, it's fun, um, not really simply, if you've ever done it, it can be a pain in the butt, it really can be. Um, ducky script is like super, super easy to understand, so like, let's say right here it's a GUI R, what that's doing is that's basically, uh, bringing up Run on your, um, Windows machine, right? And then it's typing, it delays a minute and it types the stream hour so into the, um, the Run thing, and so now it's bringing a

PowerShell, and then it hits enter and it delays more and then types this string and then enter, then types another string, enter, and I add delays and stuff like that in there because, um, sometimes ducky script can run way too fast for the system, so you add delays in there just to make sure everything comes out smooth and you get everything typed in the way it wants, because it actually takes time. Uh, yeah, yeah, it's milliseconds, I'm not doing Alum seconds, that would take forever. Yeah, so ducky script's really fun, if you have a Rubber Ducky or are looking into Rubber Ducky, looking the

ducky script, it's a lot of fun to play with. This is a picture of the screenshot of the PowerShell script, what I was running actually does, so this is what the script actually sends over and runs into your system, and as you can see it's getting your net address, um, and all your Wi-Fi data, and it's basically saving it into a file called stats.text and then changes it over to binary, removes the item stats.text, and then it basically goes through and iterates through that, uh, binary data, and if it's a zero it plays at 17k and if it's a one it plays at 18. I've done later versions of this script to

add another, um, level to this, called a control beep, it makes it easier when you're reconstructing the script refr data, because what it'll do is it'll play like a 17 and then all of a sudden it'll play a 19 and then it'll do an 18 and then it'll do a 19, so it plays a 19 in between every one, and so that way the script knows when one beep is, and so that way it makes it easier to recreate it and it makes it more

reliable, half a kilohertz or something like that, and you can put them all over the place within that range. Um, I think the 0.25 range is the most reliable when you're recording with a regular recording device, so there's room to play, and so I only was doing binary because it's just super reliable and easy, it is slow, but you could do octal or

something. This is a video demonstration of it working, um, from when we were at SAIT, uh, doing it, maybe not, hold on, button back. So you see the computer sitting inside the room, we're outside the room in the hallway running the script from the hallway, you can the C, well, C, this is this background of the screen, what's happening, so we got a view of the actual screen over there and this is like the desktop, and now you see it's automatically typing this from the hallway, and so, like, you can see I'm not sitting at the keyboard and all this stuff is happening, and it's moved into admin PowerShell, it's set the volume back

up to full blast and now it's running the uh the script that I showed you earlier and it types it all out and a second you'll see after it's done typing um I left it to where you could see the the binary bytes play so now it's running script see the ones right here and it'll go to zeros and it's actually running beeping out the binary right there and running the script from outside the hallway so it's a really cool little script and you can see we're outside and you can see the binary right here ones and zeros for the thing so we're you can it just goes to show that there's quite a bit of

range and it's it's pretty uh prevalent right there and we could probably could have gotten farther away um so that's uh kind of like a demonstration of it actually working um sorry I didn't want to do it like in person because that would uh leaves chance for messing

up that to happen necessarily in real world situation because someone just walks up and I see, oh, what's this computer doing? So there's ways to obfuscate what's happening to where you're doing this and people won't know, and I already talked about the volume control, um, to mitigate issues with them hearing the, uh, user access control noise, but there's also ways to hide the windows, so if you add into the script any of these, like, you can make the screen one

pixel after it's, um, it's delivered. You can also encode the script in, uh, Base64, PowerShell actually allows you to convert strings to Base64 and run it, so that way when you're doing persistence, like, I save the file as a PS1 file, um, before you save it as a PS1 file you can encrypt it in Base64, so that way when someone comes across the file on the file system it's

not just, it's showing on the screen, and so I've tested it out, it's a lot of fun to watch the screen just disappear and then it starts looking like a regular screen but it's still chirping out the binary, right? Okay, and to answer this guy's question earlier about noise, there's an off-the-shelf program called Audacity, um, that can reduce noise, so if you see the screenshot up top you see the binary up top, and I have that control beep on this particular screenshot that I was telling you guys about, um, and you see all this noise right here, this is background noise, and actually it even works with, uh, really strong noise. Um, Audacity has

filters that will automatically reduce noise, so you can pick a range that you're looking for, and see, we're looking for this right here, and with a click of a button now we've got a very much cleaner sample that you're looking for, and so even areas with, like, a lot of background noise, you can use something like Audacity to clean it up really quickly, and then you've cleaned up your WAV and now you can use the Python script to get, um, the data, right? And then comes the data reconstruction part of this. Um, as I said before, um, it uses WAVs and I don't know if you guys are

familiar um the python script what it does is it slices up all these samples um into small bites right and it's basically slices it up then looks for the beep and then it finds the beep and then adds that to a string and then so it starts building the string as you go in our array and then that's how it recreates the data after a while so it slices it up it looks for the frequency you're looking for and it adds the bits into a uh an array and then now you have a file now you have a binary file of all the bits and then after that point your un because now you have the data you're

looking for, all you have to do is either use the script and, you know, basically recreate it for you and print it out on the screen, but it also saves it into a file for, um, here's some code, I like to show a little bit of code of what we did. Um, I don't have time to really go through, um, all these functions, but basically I'm going to tell you a little bit of the libraries we use, Python libraries we use, and I'm going to put this stuff on GitHub later, um, and so if you look me up on LinkedIn I'll share it on GitHub, so if you guys want to play

with it, have fun with it, do whatever you want to do, um, you guys can play with it. Um, so the libraries it uses are the wave, uh, baski, NumPy and SciPy, and that's all you need really, it's, um, it's not the most complicated script in the world, and basically all it does is get the name of the WAV file, open the WAV file, get the recording info, loop through the samples that I told you, the slices, then decode for the beep, close the WAV file, and then this decodes the message from binary. It looks a lot more complicated than it actually is, but these are all just, like, um, functions that I use to, uh, get it

done right sorry I'm running out of time so I'm gonna have to I'm rushing a little bit yeah okay so decoding the data this is a little bit of just a couple screenshots of it actually running up here you see the list it's uh running the python file and it basically decodes the beeps and the bits is done and then now you have your decoded message and you see the uh the Wi-Fi data and that's all just from our recorded file that we did so it's pretty cool um I have time time yeah I think I do couple like a minute and you can just see it running um just to prove that it actually does what it does like so this

is just a test

file, it works pretty fast, like, not too bad. Um, yeah, yeah, so it runs through and then ites a message and it's exactly the same as what it's before, and then we even ran a hash just to make sure that the decoded file and the, uh, test file were the same, right? Yeah, so we just ran the hash just to make sure and as you can see the hashes match, um, nothing too crazy there. Come on. Okay, so final thoughts. Um, some of the challenges that we ran into when we were doing this: uh, transmission reliability, we had a couple issues at first with the Crazyradio sending the

mouse jacking, and if it misses a keystroke now your script doesn't work, so we had to find ways to figure that out, and actually the random way that I found that works best for my Crazyradio was I wrapped it in tin foil. Yeah, wrapped it up in tin and taped it on there, it looks really funny but it, uh, improved the reliability tremendously, so that kind of helped. Um, uh, we talked about the transfer speed, um, and that was a good idea on the octal thing, um, there's ways to improve it,

um wrong your whole file is now kind of that's up there there's ways to to fix it um ACS attack can involve in to um like we limited it to mouse jacking but other delivery methods can can be uh uh invented and explored and then other side channel techniques can be played with like I showed you the screen brightness so there's and I'm sure there are plenty other ways that someone smarter than me can find to attack an air gap system and what did we learn um most people should pay attention to their wireless mice and keyboards um because there's so many out there that are vulnerable to this um and PowerShell I didn't really I wasn't really big on PowerShell before

but since then PowerShell has become one of my favorite things ever because it is so powerful like if you don't know PowerShell I highly recommend going out learning PowerShell because Windows systems are everywhere and you've got it and you can pretty much can do whatever you want on Windows systems um and last one it's not easy to attack an air gap system without getting caught um people can catch this attack like if someone's sitting there right when that's typing out that script you're caught um and it's possible to do this and get away with it but it's also not easy to get not to get caught so just be careful if you're ever going to try this on a

real air gap system I don't recommend doing it system you don't control yeah yeah just be careful it's not easy to do it without getting caught so here we go um thank you guys for coming um if you have any questions let me know any questions I'll see your

hand sure yeah it was My Capstone for uh

Sate yeah no PowerShell was taught in the program so it would have helped me a lot I had to teach myself PowerShell um and my inspiration was I don't know I was just looking for something fun and interesting and hard to do and I don't remember how I came up with it I just uh it is it just one of those things happened one time sure

not with mouse jacking but newer Duckies I don't know if you heard about it yet they've they've changed DuckyScript and the new Duckies can do if it's a specific uh operating system do this or do this other one um I haven't one the new I haven't actually played with that one yet but um it's one of the new functionalities and new Rubber Duckies that are out

there be any file like honestly as long as you can find a way to uh you can you can use text files and just a straight up binary file which would take forever because if you ever looked at a binary file they're like this long for like just a picture or something like that but it is possible you can do which whatever you want I just did my testing text

files mouse jacking uses ducky scripts so it's just a different way of delivering the script wirelessly as opposed to just using a a Ducky because it's just it's easier because you might not have be right next to the keyboard right you might not be able to get you might see the system on the other side of the wall or be sitting in the parking lot and detect the system but you you don't have physical access to it so then you can use mouse jacking and to text it right there did you have a question okay anybody else oh

yeah oh yeah um honestly you could do it um kiosks most kiosks actually run off a version of Windows and so and a lot of them if you look have a USB port right there so you could theoretically plug a bad USB into it yep you can do the if they don't have a wireless mouse on it and you can just plug one of the dongles in and now they do and they don't have a mouse there those dongles are so small that you can plug it like in the back of a tower and no one would know there so you can do it that

way

see you could do it that way um by overpowering by just playing like blasting but the problem is um you only have typically one set of speakers right and so if you're blasting it putting it up to full blast and trying to drown out this this sound all the other sound that's regular sounds on a computer that you're playing are now playing full blast so part of this yeah yeah something like that you could theoretically do it and jam it that way and that would be an interesting mitigation technique but um again you're constantly playing this sound out into the world and it could I haven't actually I've been more focusing on the attack front of it right yeah any other

questions help with keylogging I mean I'm sure you could do uh scripts that would uh do keylogging and just start beeping out the uh I haven't personally done it but um as long as you can come up with the PowerShell script that it needs to do the keylogging and start beeping off the key I'm sure you could come up with a way to do it and that would be a really interesting attack vector where real time you can keylog yeah yeah anybody else

oh yeah I've looked into it because I like I I personally enjoy IoT stuff and I have played with um coming up with a device like a plug-in device that will do this um I haven't personally finished that project yet but I've been I've been playing toying with the idea what's

up I've not been able to bypass the Windows login screen so this particular attack right in a current form has requires somebody to be logged in so yeah yeah yeah yeah um Captain Crunch so CPN crunch um I don't know if I have it publicly available yet on that but um I will release it on there so you can also look me up on LinkedIn and just shoot me a message and I'll be happy to share cool well thank you guys for coming I really appreciate it lot [Music] questions