Do NOT Plug This USB In! - Hak5 Rubber Ducky

7:25 It's because the system can set (from inside) the CAPS lock and NUM lock state of keyboards. The keyboard is aware of change. So if the Ducky can be a keyboard, it also can be aware of such changes. If the script uses these state changes to transmit a message, the keyboard (here the Ducky) can read them and store the data into a file. It's genius.

Hak5: it was made to automate mundane office tasks
Also Hak5: "Attack mode"

For testing: use vm snapshots to return to a previous state. To get the rubber ducky to work in a vm, pass trough a usb hub or pci card directly to the vm. (not the ducky device itself, that's going to cause issues)

6:00 4 months later and this has suddenly become a real story XD

Finally a video on these, they've been a thing for ages!
Never plug in a random flash drive you've found or been given a lot of the times.

These things have been available for over a decade, I’m surprised Linus has only just made a video on this cool device.

As an IT guy you could test your clients IT Security Awareness with these and load a script onto them, that automatically books the person into the next Security Seminar, so they can learn what to do the next time they find a random USB Stick

6:11 4 months later that has never been more ironic, LMAO

For additional info, Rubber Duckies are INSANELY easy to access and learn.
I built my own out of an Arduino - it’s pretty much identical in functionality to a Rubber Ducky 1.0 and it cost me maybe 6 Canadian Dollars. Granted, I use it to automate basic batch scripts to quickly troubleshoot Windows PCs for myself and some friends but anyone willing enough could definitely do some damage with it if they were so inclined.

I did a project on this in college in 2014 and nearly got a failing grade because my prof said it was unrealistic. I've seem so many things that work like rubber duckies since and it's just grinds my gears every time! These things are neat but dang can they do some harm.

Security analyst here, I've only seen one on a network once, they're pretty interesting! I hope you guys cover more cybersecurity topics

Wow this is scary. I am sure someone could modify a keyboard using a hub and a build in rubber ducky to make it look even less harmfull. If someone receives a USB keyboard by mail, if it looks better than their current keyboard, I am sure many wouldn't hesitate to plug it in their computer to try it.

I remember learning about these many years ago in some certification classes I took when I was 14 & 16. A lot of server places will actually have their USB ports flat out disabled to prevent physical malware attacks and cables locked away behind metal from where they can be physically tampered with the prevent wire tapping even if they are already in locked facilities.

I still use my original rubber ducky to automate all kinds of things and to demo why you don't plug in random flash drives.
Such an amazing piece of kit and the rubber ducky 2.0 is even more amazing!

We need to properly thank I-Am-Jakoby for their various contributions to the Rubber Ducky community! Their work made a lot of this possible. Check out their github for some really useful Rubber Ducky resources: github.com/I-Am-Jakoby

Colton crying after opening the company to a cyber threat is very foreshadowing xD

I always laughed at people for "acting like just plugging in a single USB stick could cause THAT much harm". I guess, I was the fool.

Hak5 brings back so many memories. I'm glad the LTT labs people found a use for their duckies, but I'm not sure I learned all that much.

I remember watching Hak5 when these things came out. I don't recall Darren saying that it was initially conceived as a way to automate routine maintenance tasks, though. The pineapple had already been out for several years by the time the ducky was released. Ducky was an offline counterpart to pair with your pineapple. There's also a LAN turtle.

Glad that your highlighting security tools, tricks, and remediation. Keep doing videos like this. As a security professional I think tech TH-camrs can play an important role in educating users

I would love for LTT to do more videos on Cyber Security

Just now do I realize that I actually want one of these, being able to plug in a drive and have it automate a couple commands looks useful as hell

This sounds like a dream come true for every of Linus's viewers who have grandparents.

Before USB there were versions of this for PS/2. They were largely used for some of the same legitimate tasks, usually some form of automation, or, in some cases they could act as a converter between RS-232 and PS/2 for some serial devices. The tricky part of these USB HID "attacks" is that unlike the old route of a malicious autorun, you can't avoid it by holding shift, and of course once it's plugged in, it gets activated and can start "typing". Some AV software has started adding "keyboard authorization" features to try to combat these types of devices. One interesting approach of dealing with a suspicious "drive" is to plug it in while in a VM (with shortcuts to 'escape' the VM disabled) . Even though it will connect to the host machine, if it is device like this, then keystrokes it tries to send will go to the VM. Heck a MS-DOS VM running a tiny DOS program that just logs key scancodes to a text file could even provide insight on what exactly it is trying to do.

This better be the start of a Hak5xLTT collaboration! Fly Darren and Shannon up to The Lab and let's get a few videos out of this!!

Would absolutely LOVE an LTT deep dive on Hak5 tools

I've been watching Hak5 since 2006, LTT since about 2015..... I was SUPER excited to see this video pop up. I really really hope there's more!
Commenting for the algorithm to show this is a great video!

10:35 Thanks Linus. Now I know what a rubber ducky looks like. I can safely plug in that USB I found this morning on the sidewalk - it doesn't have that folding silver shield on it, so can't be a rubber ducky.

I was wondering if LTT would do more security-related videos like the Rubber Ducky. I was pretty excited for this.

At a University near where I live they scattered 50 of these around with a simple script to ping a specific IP so that they could record how many People plugged it in. They recorded 80 different IP Adresses.

Been watching since the earliest of the NCIX days. Great video to let people know about the dangers of things like this. Can't describe how happy I am to see the LTT intro and song making their way back into all the videos. don't know why, just am!

Ah yes, the old USB port as an attack vector. Funny you should mention DSM, because one of their SysOps gave a talk at a local small time Defcon type of convention and he mentioned the use of hot melt glue to stop USB port based attacks.
Still I always figured that given what we did as kids in high school during the 90s these kinds of attacks would be obvious by now.
All of the computers in HS ran NT4, so their drives were NTFS. Except for the computers in the computer lab, because due to curriculum requirements those were W95 machines. Now IT had considered that diskettes would be an attack vector, so they passworded the BIOS and made the A and B drives non-bootable.
Except they messed up. All the BIOSes had the same password. Windows 95 is basically a glorified DOS shell, so any user would have low-level access to the hardware. So use W95 to make a dump of the BIOS, take it home, grep the password from the dump.
Prep a muLinux diskette with the NTFS read kernel driver, use BIOS password on NT4 box to enable booting from diskette. Boot up muLinux, grab the SAM files, take em home and run L0pht at your leisure.
It left no trace on the school computers and meanwhile we had Domain Admin level access.

Those are old news, but its good that someone from the mainstream is actually covering this attack venue, and yet another lesson on why not to plug random USB accessories willy nilly

0:27 "It can also be used for highly illegal cyber crime."
*Displays Windows Update*

That recreation of the Mr.Robot's scene with the usb thumb drive taken and plugged in by the cop was funny AF with Colton being the victim 😂

The main infosec advice I give to people is simple "Unless you know what it is, don't put it in". Works decently for other bad decisions you make sometimes too.

Love seeing this, I would love more security integration from LTT in videos ❤

Very excited and happy to see Linus mentioning Darren Kitchen, two of my first and most favourite youtubers.
There are a ton of other hardware based hacking devices from Hak5, we would really like to see those to be featured in LTT as well.

Always interesting seeing a non-infosec perspective on the different devices/equipment we use. Just assuming based off of your feedback for the ducky, you might be better off using a combination of... Vagrant/Packer for machine image creation, Ansible for software deployment and configuration within the image or device, and Terraform for physical device provisioning. It would all be done over an ethernet connection too instead of the hassle w/ managing multiple duckies and scripts.

LTT needs to do a video on installing windows and user V admin accounts and how to set them up to be secure, topics like login options for users and how they matter.

I remember in the late 80s/early 90s we had to write software on public computers and the only way to save our code was with floppies. We were constantly running into issues where our own floppies that we bought and formatted on our machines, got infected.

My university end of bachelor program was making a program to detect unknown peripherals and checking if they were trying to do a payload. We used a rubber ducky for showcase. :D
Brings back the memories.

The Writer, Tanner McCoolman, was excellent for this video. As someone that was trained in CySec and learned how to use a USB Rubber Ducky, it was very well explained on how this attack vector works!

as a cyber security professional i would love to see LMG pick up more cyber content. LinusSecTips????

I'm surprised he hasn't reviewed one of these sooner. I've used these for years, amazing tools, but also pretty deadly if you wanted to use it as such

Using this as a means to automate bench setup is pretty ingenious.
Been subbed to the Hack5 channel for a while and totally love what they did there! It's a research tool in one hand, or a weapon in another. Great video!

Thanks, it's always good to be reminded that what I don't know about security is huge compared to what little I know. Great video, thanks again.

I always wondered if they were going to ever release a newer version of the Duckie, I've had mine for years and it is a super useful tool, especially if you work in I.T. and have to do mundane task, I use mine to install software we use at work after a reimage

You really emphasized "Being safe" at the end there🤣

VM's could totally be an option. I don't know about Windows, but on Linux using qemu you can pass an entire USB controller to a VM, so if you plug the ducky into a specific port it controls the VM

I bought one of these to automate iPad and Mac deployments when we aren’t using DEP. Saves SO MUCH TIME, it just needs to be updated occasionally

These are VERY useful tools, different versions too!

Can you build a 5 minute version of this? I would love to share this with my non-technical staff, just so they can know the danger. Heck, that would be a fantastic new channel--security issues for non security people.

I worked for DSM at a local industrial site before our buy out and when I tell you that our classes RAMPED up and they locked our machines. We weren’t allowed to use anything in the machines unless it was provided by our it team.

Although these have been available for a while now, the new ones are especially powerful. Thanks for spreading the knowledge!

If you do forensic on a machine that one of these plugs into, it is very obvious these ran. Unless they changed something but it mostly leaves a lot of traces it was ran.

Great video! Thanks for educating about this kind of attack 😃
Been working on a couple of Open-Source BadUSB projects myself recently.

9:02 - Most hypervisors offer some sort of 'snapshot' feature that will allow you to preserve the state of the virtual machine at that moment in time, including the contents of RAM. That's sort of out of the scope of what this device does, but it's quick and easy to do. You could also use the templating feature, although you might run into issues with unique IDs generated by some systems. Windows has sysprep for this, and linux generally doesn't care, but some of your applications might, especially expensive per-seat enterprise applications.

Fun facts:
The clip in the beginning ( 0:09 - 0:18 ) was a TV-Ad that was actually shown in the early 2000s in germany. The conclusion „So wach warst du noch nie“ at the end means something like „You have never been more awake than now“ and advertised a coffee drink with high caffeine content.
There were many complaints due to horrified children and dropouts of pacemakers because of this ads.

So cool to see Linus tackling some cybersecurity now. Everyone could use some extra awareness.

I saw this first hand while traveling about a decade ago. Working late, I was getting into one of the last cars in the lot when I looked down to see a loose USB drive on the ground. I followed protocol from where I work and turned it in to their security. Apparently they’d been doing internal phishing tests to see who would plug these in.

You may also want to make PSA video about the “O.MG Cable” from Hak5 as well. Basically a USB Rubber Ducky + antenna for local wireless offloading of data in a package that looks like your run of the mill USB cable

I made one of these with a cheap raspberry pi Pico and it works amazingly, and it is extremely easy to use, they are really help full when trying to code or set up something on multiple computers because it automates it.

Coltons Reaction was F***ing priceless even if it was staged XD 🤣

Fun story (can’t verify it though)- back in the days of 2600 (an old hacker mag) I remember an article where someone took a bunch of USB drives with CIA and FBI logos on them and dropped them in random locations around Washington, DC
They had one function - ping “home” to indicate they had been plugged in.
The success rate was… disturbing.

Really cool tool actually. Colleagues I have worked with doing penntesting have mentioned the insane amount of times they have just dropped a USB outside a building and someone being silly enough to just pick it up and plug it in to see whats on it...

Most people have absolutely no idea how scary these things are lol. I ordered one a few years ago to play around with. I don't use it much but I still carry it around with me in my laptop bag. The first day I had it I managed to build a payload that when plugged in within a few seconds would grab every single one of my saved Google chrome passwords and email it to myself. My jaw hit the floor when that email came in with my entire password list in it lol. From that point forward I pretty much NEVER walk away from my laptop at work without locking it. It's insane how much damage someone can do with one of these and a little know-how and 5 seconds of access to a USB slot on your device.

Damn, there’s even a USB-C version. Nobody is safe.

Great video! Though you should have shown the Ducky as several different looking USB sticks. A novice might only watch out for a stick that looks like the one you are showing. And it seems to me like you are trying to communicate to novices too. Otherwise I have nothing to complain about and found the video very well written and informative.

Thank you for covering this! I know this is the newest release which is awesome!

I've been using a ducky for 5 years to automate changing settings in windows and install software for machines we sell to customers to ensure that they are ready to use out of the box.

Hak5's stuff is great. They have some amazing tools.

It would be interesting if LTT did an interview with Darren Kitchen or Shannon Morse on their products.

If I remember correctly Stuxnet, one of the most sophisticated viruses discovered, happened by someone dropping a usb in a parking lot as the nuclear facility it targeted was completely disconnected from external networks. There is a really interesting podcast (Darknet Diaries ep29) that talks more about it.

At my workplace, the desktops had just the two USB ports for the keyboard and mouse enabled for just HID, and all others disabled. IT are the only ones that can get files off a flash drive using an isolated, disconnected machine with various malware scanners.

on the topic on opsec, has LTT ever hired pen testers to test security? if so, would there ever be a video on the topic?

Just realized my passion and finally started pursuing a comp sci degree this semester. And I'm quite proud of myself because I actually understood every single issue you guys listed with the ducky. I love this field haha

these are perfect for pranks!
remote controlling your teachers computer in class really gets a laugh out of your peers

Love the editing on this one. Also interesting tool for the Labs.

Props to the Hak5 team. Great group of people

You know wireless BadUSBs exist, they're open source too : ) search for them on TH-cam

Interesting use for automating your PC setup. Have you also tried UiPath process automation?! It can perform way more complicated stuff and it seems easier to setup that this rubber ducky stuff. Nice shoutout to the Konami cheat code, I'm a game dev :D

Great video! between the Hak and the pineapple wifi there's material for a couple more at best.. would love to see more of it!
Btw, it's just me or Linus looks like he hasn't slept for 3 days?

This is probably the best advertisement they could have asked for. I'd bet tens of thousands of people bought it after watching your great promotion.

You can configure any Arduino to act as a HID device, I had this idea some time ago but ofc there's a consumer product for this already 😃

Unlike other crime, this is the one that you can stop yourself falling for.
NEVER plug in a USB that isn't yours

happy for things like yubikey and other mfa devices with tools like this

I go through training once a year on IT security, and this is one of the topics.

So happy you're doing hak5 reviews now dude. They have some really cool shit. Get Anthony to start pen testing tutorials on here too. Test would be SOOOO COOOL
Edit. I said tutorials. Watching the end of video probably not a good idea. But examples of like previous attempts or actions

Mr. Robot is such a great show. One of the few series that stuck the landing. With a name like Mr. Robot, the show is not at all what you think it is.

I made a very rudimentary version of this once out of a microcontroller. It was to get an achievement in a video game that required a lot of button mashing. Fun times!

OMG, Hak5! One of the OG video content creators out there. They're like older or the same age as TH-cam. Used to watch them in Revision3 back in the day.

5:56 the irony here is palpable - this scene didn't age very well for LMG.

I did suggest to Snubs a few years back to do a colab with you. Good to see you cover it at last. I got the original Ducky way back in the day.

I know of one virus that spread through USB, I forget the exact name of it, but I had it both from a school computer and a mobile radio station computer.
The way it worked was: if you inserted a USB drive, the computer had a background task running that would hide all your files/folders, and replace them with shortcuts that both opened the file, and opened the virus, spreading it to your machine and anything else you plugged into it.
Luckily for me, AVG free was able to pick up the virus file on my drive the first time, so I was just stuck with shortcuts for icons (easily fixed with some cmd trickery). The second time I recognized what happened and removed it myself (lucky me I had autorun disabled and the virus couldn't run itself, for some reason).

I've done this somewhat similarly long time ago when I was in high school. I got a rando DVD from my friend and tried it on my PC. The next thing happened was a sudden jumpscare in fullscreen.
I jumped so hard out of my chair, basically my first ever jumpscare.

This is actually why a lot of businesses will prevent you from plugging in any keyboard except the "certified" ones. I think Active Directory even has a feature for that

10:40 Remember kids safety first

Human error is always going to the weakest link in cyber security sadly. As you said it only takes one. I've caught ransomware before working in IT before it caused major issues and each time it was always human error that brought it in.

0:29 i love how that website is considered cyber crime