Overcoming USB (In)Security
Agenda
Lost Data In The News
The USB Attack Vector
Protecting Against Disgruntled Employees
USB Devices
Restricting USB Access
Super-Glue the USB port
Encase the computers in secured cabinets
Use software to disable USB Storage Devices
Protecting Against Careless Employees
What if there are valid business reasons to use USB storage devices?
Storing Data Securely
DEMO
Background Information on U3 Enabled Drives
Exploiting USB
DEMO
Additional Hardening
Don't forget Data Slurping
Q & A
Thank You!


Overcoming USB (In)Security

Editor's notes

  1. Ladies and Gentlemen, thank you for having me. I understand that I am between you and your lunch, so please bear with me while I discuss a very important problem that is often overlooked. My name is Michael Boman and I am an IT Security Researcher and Developer with over 8 years' experience in the field. My day job is to think up technical solutions to improve my employer's bottom line. But for fun I research IT security and privacy issues. My current projects include automated malware analysis and turning a standard Linksys router into a powerful detection system for attacks on the Internet. Today I will share with you my findings and opinions on the risks associated with USB storage devices and removable storage in general.