**The Dangers of Physical Media: A Threat to Network Security**

In today's digital age, it's easy to get complacent when it comes to network security. Many people assume that their systems are impenetrable, but the reality is that physical media can be a powerful tool for hackers. This article will explore the dangers of physical media and how it can be used to compromise network security.

**The Rubber Ducky: A Tool for Hackers**

A rubber ducky, also known as a USB hacking device, is a small, unassuming tool that can be used to inject malware into a computer system. Its capabilities are limited only by the creativity of its user, and it's not uncommon for hackers to use it to download data from a target system to an external device. The ducky's ability to read binary code is due to its keyboard, which flashes binary bits when pressed.

**The Dangers of Unsecured Systems**

While many people assume that their systems are secure, the reality is that unsecured devices can be vulnerable to attack. In 2012, a multinational chemical firm was almost exposed to a malicious USB stick. Thankfully, the person who found it took it directly to IT and not to management or anyone else who might have accessed its contents. This highlights the importance of following protocol when dealing with physical media.

**The Brain Computer Virus: A Precedent for Physical Media Attacks**

In 1986, a brain computer virus was used to attack computers using floppy disks. The virus spread by infecting each machine it touched, highlighting the potential danger of unsecured devices. In 2010, Stuxnet, a highly sophisticated malware program, was discovered and found to have been spread through various means, including physical media.

**The Reality of Physical Media Attacks**

While many people may not be aware of the dangers of physical media, they are all too familiar with the concept of a crowbar or bolt cutters being used as a tool for theft. The fact that these tools can be used to compromise network security is a sobering reminder of the importance of vigilance when dealing with unsecured devices.

**Squaring Off Against Network Security Threats**

As technology continues to advance, so too do the threats against network security. In 2022, having a website and online presence is essential for building a brand. Squarespace is an all-in-one platform that can help expand your brand online by providing tools to build a beautiful website, engage with your audience, and sell products or services.

**The Importance of Safe Computer Use**

As the threats against network security continue to evolve, it's more important than ever to practice safe computer use. This includes being aware of physical media, such as USB sticks or other devices, and knowing how to identify them for what they are. It also involves following protocol when dealing with sensitive information and taking steps to protect your systems from attack.

**Conclusion**

In conclusion, the dangers of physical media should not be underestimated. While it's easy to get complacent in the digital age, the reality is that unsecured devices can be vulnerable to attack. By being aware of the threats and taking steps to protect our systems, we can help keep ourselves and others safe from harm.

"WEBVTTKind: captionsLanguage: enwhile this may look like a perfectly ordinary USB drive it is actually a tool of Chaos right it's known as the hack 5 rubber ducky and while it can be used to perform silly pranks or to automate mundane office work it can also be used for highly illegal cyber crime this ingenious little device here contains Hardware that can be used to grab passwords open back doors for ransomware or even delete entire file systems in a matter of seconds but rather than ignore it hoping that aspiring narrow duals will remain ignorant of its existence we are going to show all of you how it works demonstrate some of what it can do and give you the knowledge that you need to protect yourself from USB Bandits looking to compromise your precious data you know what else we're gonna do tell you about our sponsor build Redux build Redux makes it easy to configure your new build with support guides to help along the way they also offer competitive pricing as compared to building a PC yourself head to build redux.com Linus and start your new build today foreign the rubber ducky has existed for over a decade becoming a favorite tool of both real world hackers and it professionals alike and it's been featured on TV shows like Mr Robot and Sesame Street are you sure about that last one well it's definitely Mr Robot at least I'm doing a hacking with my rubber ducky USB and what makes the rubber ducky so Insidious is that compared to Media portrayals of hacking devices as full-on computer systems that can wreak havoc when connected to your network or gadgety looking keys that override decryption or authentication it looks perfectly mundane USB a on one side USBC with a little cap on the other it's the kind of thing that you might plug into your machine just to find out what it does second you do that it Springs into action executing its payload and it bypasses many malware scanners by disguising itself to your PC or Mac or even your phone as a human interface device or keyboard I mean what virus scanner or firewall would think to check for a nefarious keyboard not all but actually more than you'd think it turns out rubber duckies do get detected by some of the higher end systems that know how to look for them or rather they did get detected earlier this year hack 5 released the rubber ducky 2.0 which included several features that make detection attempts now flow off it like water off a duck's back previously rubber ducky payloads or programs if you want to call them that had to be tailored to their specific Target for example a payload meant to run on Windows 7 might not work on Windows 11 and certainly wouldn't work on Mac OS but this latest iteration can detect the operating system detect when the device is set up and can even copy Hardware information from an already attached keyboard and spoof it to confuse any would-be security measures it can't even be detected by its input rate because it's limited by default to the speed of an extremely fast yet still believable human meaning it has the same level of system privilege as the logged in user terrifying and while a bit of programming skill is beneficial to make the most of the rubber ducky I suspect the average Enthusiast could pick it up pretty quickly the manual is just 32 pages and fits into the average pen or shirt pocket kind of like the kind you'd find on our excellent Workshop jacket available at lttstore.com ducky code is written in ducky script a proprietary language from hack 5 and simple commands are simple to write Attack Mode lets you set the device into hid and or storage mode string is used to type out letters delay is used to make the device wait for a number of milliseconds perhaps for a program to launch and most other key presses or combinations are achieved by simply putting the name of the key onto a line so here's the Konami Code written in ducky script once you're done building your instructions they can be compiled into a ready-to-use payload using payload Studio it will highlight syntax Mark potential errors and give you suggestions for auto completion while you're typing automating simple keyboard inputs is only so useful though the command line is what really turns the target system into one big ducky puddle playground there it can write and run code to turn the volume all the way up open 20 new Chrome windows with the same YouTube video over and over and over again or put a little Dancing Duck on the screen truly groundbreaking stuff to show you a real world use case we wrote a payload to set up a new PC for benchmarking it installs Chrome 7-Zip and steam pauses to allow for login and then proceeds to install many of the games we typically run with markbench and this use case is notable because it's actually the reason that hack5 founder Darren kitchen built the ducky in the first place to make repetitive tasks like fixing printers or network shares faster and easier but enough about its intended purpose let's talk about how it can be used to get around doors and locks that were meant to stay closed all it takes is one user performing one careless action to compromise the system and it only takes one compromised system to compromise an entire network common practice for troublemakers looking to access a specific network is to invest in a small flock of duckies or similar devices those waterfowl get configured with a malicious payload then they get taken out to sea to go whaling whaling is a type of fishing attack that specifically targets a wealthy or a powerful person a whale and any City's business district is full of such aquatic mammals like Executives politicians or celebrities who have predictable daily routines and might not know very much about computer security a few armed duckies then dropped into a parking lot or in the stairwell of an office building can be an extremely dangerous thing its capabilities are limited only by the creativity of the programmer and as you know there is no such thing as a perfect luck let's say for example a bad actor wanted to download data from a Target system to a ducky device well many well-protected systems completely block external storage devices but there's a solution for that using a script that reads a Target file then flashes the caps lock and number lock keys the duck can read those flashes as binary bits and then quack that loot directly onto its internal micro SD card the ducky 2.0 isn't all powerful though seasoned programmers may find that ducky script 3.0 lacks the same quality of life tools of typical languages among other common issues it's difficult to perform string concatenation for example and the ecosystem leaves a lot of room for improvement while lots of completed payloads can be found online and simply copied to your rubber ducky many of them require modifying the code yourself and lack the documentation that a novice user might need so if you didn't already understand most of the ducky script complaints that we scrolled through you could find yourself having issues early on the biggest issue though is running your code there's a light to indicate the status of any code that's running and there's a button that allows you to stop at Midstream but there's not really a great way to test your payloads unless you have an extra machine that you don't mind doing whatever it is you're doing two and even if you're okay with that there's no guarantee that other systems will function exactly the same as yours it could even be something as simple as whatever delay you've programmed for a chrome window to launch might be longer on a Target system additionally if you've already run a payload on a machine once some of the changes that payload made Might persist making it difficult to track how your code changes are affecting your payloads function if there was an included way for example to run it on a virtual machine that could be restored with a single button press that would be a lot more user friendly if you do have machines to test on and the patience to learn your way around the small issues of the duckyscript language you too though could be doing Mr Robot level infosec exfiltration data busting door crashing and output inputting but that brings us to an important question should you be able to as I said earlier a small flock of unattended armed duckies can be a very dangerous thing as it only takes one to expose an entire network that's what almost happened to the multinational chemical firm DSM back in 2012. thankfully for them instead of checking the contents themselves the person that found the mystery USB stick took it directly to it people following protocol is truly the only way to keep a network secure and even though many people are not aware of how dangerous physical media can be attacking with it is not a New Concept the brain computer virus from 1986 used floppy disks to travel between machines and in 2010 stuxnet famously cloned itself and traveled by any means possible to hit a single offline Target in Iran however in any given year Society is robbed of far more using crowbars and bolt cutters and yet they still sell those at every hardware store so the mere fact that a tool like the rubber ducky can be used by evildoers shouldn't be a cause for Banning it just make sure that you and your loved ones can recognize it for what it is and always practice safe computer use just like I always safely segue to our sponsor Squarespace if you're building your brand online in 2022 you need a website and if you need a tool to help build that brand look no further than Squarespace Squarespace is the all-in-one platform to help expand your brand online make a beautiful website engage with your audience and sell anything and everything from products to content we love Squarespace so much we use it here at lmg it's custom templates make it easy to stand out with a beautiful website that fits your needs you can maximize your visibility thanks to a suite of integrated SEO features and their analytic insights help you optimize for performance so you can see what's going well and What needs a little work so get started today and head to squarespace.com forward slash LTT to get 10 off your first purchase if you guys enjoyed this video you might also enjoy our video on the password reset key too socks and sandals really go well with the ninja mask it turns outwhile this may look like a perfectly ordinary USB drive it is actually a tool of Chaos right it's known as the hack 5 rubber ducky and while it can be used to perform silly pranks or to automate mundane office work it can also be used for highly illegal cyber crime this ingenious little device here contains Hardware that can be used to grab passwords open back doors for ransomware or even delete entire file systems in a matter of seconds but rather than ignore it hoping that aspiring narrow duals will remain ignorant of its existence we are going to show all of you how it works demonstrate some of what it can do and give you the knowledge that you need to protect yourself from USB Bandits looking to compromise your precious data you know what else we're gonna do tell you about our sponsor build Redux build Redux makes it easy to configure your new build with support guides to help along the way they also offer competitive pricing as compared to building a PC yourself head to build redux.com Linus and start your new build today foreign the rubber ducky has existed for over a decade becoming a favorite tool of both real world hackers and it professionals alike and it's been featured on TV shows like Mr Robot and Sesame Street are you sure about that last one well it's definitely Mr Robot at least I'm doing a hacking with my rubber ducky USB and what makes the rubber ducky so Insidious is that compared to Media portrayals of hacking devices as full-on computer systems that can wreak havoc when connected to your network or gadgety looking keys that override decryption or authentication it looks perfectly mundane USB a on one side USBC with a little cap on the other it's the kind of thing that you might plug into your machine just to find out what it does second you do that it Springs into action executing its payload and it bypasses many malware scanners by disguising itself to your PC or Mac or even your phone as a human interface device or keyboard I mean what virus scanner or firewall would think to check for a nefarious keyboard not all but actually more than you'd think it turns out rubber duckies do get detected by some of the higher end systems that know how to look for them or rather they did get detected earlier this year hack 5 released the rubber ducky 2.0 which included several features that make detection attempts now flow off it like water off a duck's back previously rubber ducky payloads or programs if you want to call them that had to be tailored to their specific Target for example a payload meant to run on Windows 7 might not work on Windows 11 and certainly wouldn't work on Mac OS but this latest iteration can detect the operating system detect when the device is set up and can even copy Hardware information from an already attached keyboard and spoof it to confuse any would-be security measures it can't even be detected by its input rate because it's limited by default to the speed of an extremely fast yet still believable human meaning it has the same level of system privilege as the logged in user terrifying and while a bit of programming skill is beneficial to make the most of the rubber ducky I suspect the average Enthusiast could pick it up pretty quickly the manual is just 32 pages and fits into the average pen or shirt pocket kind of like the kind you'd find on our excellent Workshop jacket available at lttstore.com ducky code is written in ducky script a proprietary language from hack 5 and simple commands are simple to write Attack Mode lets you set the device into hid and or storage mode string is used to type out letters delay is used to make the device wait for a number of milliseconds perhaps for a program to launch and most other key presses or combinations are achieved by simply putting the name of the key onto a line so here's the Konami Code written in ducky script once you're done building your instructions they can be compiled into a ready-to-use payload using payload Studio it will highlight syntax Mark potential errors and give you suggestions for auto completion while you're typing automating simple keyboard inputs is only so useful though the command line is what really turns the target system into one big ducky puddle playground there it can write and run code to turn the volume all the way up open 20 new Chrome windows with the same YouTube video over and over and over again or put a little Dancing Duck on the screen truly groundbreaking stuff to show you a real world use case we wrote a payload to set up a new PC for benchmarking it installs Chrome 7-Zip and steam pauses to allow for login and then proceeds to install many of the games we typically run with markbench and this use case is notable because it's actually the reason that hack5 founder Darren kitchen built the ducky in the first place to make repetitive tasks like fixing printers or network shares faster and easier but enough about its intended purpose let's talk about how it can be used to get around doors and locks that were meant to stay closed all it takes is one user performing one careless action to compromise the system and it only takes one compromised system to compromise an entire network common practice for troublemakers looking to access a specific network is to invest in a small flock of duckies or similar devices those waterfowl get configured with a malicious payload then they get taken out to sea to go whaling whaling is a type of fishing attack that specifically targets a wealthy or a powerful person a whale and any City's business district is full of such aquatic mammals like Executives politicians or celebrities who have predictable daily routines and might not know very much about computer security a few armed duckies then dropped into a parking lot or in the stairwell of an office building can be an extremely dangerous thing its capabilities are limited only by the creativity of the programmer and as you know there is no such thing as a perfect luck let's say for example a bad actor wanted to download data from a Target system to a ducky device well many well-protected systems completely block external storage devices but there's a solution for that using a script that reads a Target file then flashes the caps lock and number lock keys the duck can read those flashes as binary bits and then quack that loot directly onto its internal micro SD card the ducky 2.0 isn't all powerful though seasoned programmers may find that ducky script 3.0 lacks the same quality of life tools of typical languages among other common issues it's difficult to perform string concatenation for example and the ecosystem leaves a lot of room for improvement while lots of completed payloads can be found online and simply copied to your rubber ducky many of them require modifying the code yourself and lack the documentation that a novice user might need so if you didn't already understand most of the ducky script complaints that we scrolled through you could find yourself having issues early on the biggest issue though is running your code there's a light to indicate the status of any code that's running and there's a button that allows you to stop at Midstream but there's not really a great way to test your payloads unless you have an extra machine that you don't mind doing whatever it is you're doing two and even if you're okay with that there's no guarantee that other systems will function exactly the same as yours it could even be something as simple as whatever delay you've programmed for a chrome window to launch might be longer on a Target system additionally if you've already run a payload on a machine once some of the changes that payload made Might persist making it difficult to track how your code changes are affecting your payloads function if there was an included way for example to run it on a virtual machine that could be restored with a single button press that would be a lot more user friendly if you do have machines to test on and the patience to learn your way around the small issues of the duckyscript language you too though could be doing Mr Robot level infosec exfiltration data busting door crashing and output inputting but that brings us to an important question should you be able to as I said earlier a small flock of unattended armed duckies can be a very dangerous thing as it only takes one to expose an entire network that's what almost happened to the multinational chemical firm DSM back in 2012. thankfully for them instead of checking the contents themselves the person that found the mystery USB stick took it directly to it people following protocol is truly the only way to keep a network secure and even though many people are not aware of how dangerous physical media can be attacking with it is not a New Concept the brain computer virus from 1986 used floppy disks to travel between machines and in 2010 stuxnet famously cloned itself and traveled by any means possible to hit a single offline Target in Iran however in any given year Society is robbed of far more using crowbars and bolt cutters and yet they still sell those at every hardware store so the mere fact that a tool like the rubber ducky can be used by evildoers shouldn't be a cause for Banning it just make sure that you and your loved ones can recognize it for what it is and always practice safe computer use just like I always safely segue to our sponsor Squarespace if you're building your brand online in 2022 you need a website and if you need a tool to help build that brand look no further than Squarespace Squarespace is the all-in-one platform to help expand your brand online make a beautiful website engage with your audience and sell anything and everything from products to content we love Squarespace so much we use it here at lmg it's custom templates make it easy to stand out with a beautiful website that fits your needs you can maximize your visibility thanks to a suite of integrated SEO features and their analytic insights help you optimize for performance so you can see what's going well and What needs a little work so get started today and head to squarespace.com forward slash LTT to get 10 off your first purchase if you guys enjoyed this video you might also enjoy our video on the password reset key too socks and sandals really go well with the ninja mask it turns out\n"