I’m excited to share that I will likely be talking at SecTor this 12 months within the instruments monitor. Whereas the SecTor schedule shouldn’t be but finalized, I’m presently listed as talking at 10:15am on October 6th. The speak, The Energy of the Pico: Changing Costly Toys with the Raspberry Pi Pico, will cowl the right way to use a Raspberry Pi Pico to carry out BadUSB assaults. There are industrial instruments on the market that can carry out these assaults such because the Hak5 USB Rubber Ducky and the FlipperZero, however the thought right here is to make it as low-cost and accessible as doable.
As is usually the case in tech, this speak shouldn’t be primarily based on a brand new thought. Even the concept of utilizing the Pico as a hacking gadget isn’t new. Nevertheless, a number of actions motivated me to push my model of the concept additional. Over the summer time of 2021, I had constructed an inexpensive StreamDeck various utilizing a Pico and an RGB Keypad. This work bought me actually all for utilizing the Pico as an HID and I needed to do extra. Once I discovered that SecTor 2021 was a go and we’d be bringing again the IoT Hack Lab, I used to be excited to fulfill up with colleagues that I hadn’t seen since earlier than the pandemic and convey one thing new and thrilling to shock them with. So, I sat down and wrote some code to carry out a BadUSB assault utilizing the Pico and introduced the gadget with me to SecTor in 2021.
I ended up demoing the factor for your entire length of the convention. Individuals had been always coming as much as talk about it and see it in motion, actually impressed by the simplicity of it. I spoke with just a few individuals who had written their very own implementations to be used in their very own analysis, however they hadn’t mentioned it publicly. That was once I determined I wish to beef up my code and provides it a correct launch, which is precisely what is going to occur at SecTor.
Through the speak, we’ll talk about the Pico itself and take a look at the Python code that I developed to make it do what it does. We’ll discuss the place to get my code and the payloads that I’ve developed for demonstration functions. If you happen to’re model new to microcontrollers, you’ll be taught just a few issues, however even if you happen to’ve used comparable initiatives up to now, you may nonetheless decide up just a few ideas and tips that can be utilized to your benefit sooner or later.
Everyone knows that the primary session of the day on the second day of a con is the place individuals sip espresso and shake off their hangovers. If you happen to’re on the lookout for some enjoyable, geeky dialog that isn’t going to soften your thoughts however will nonetheless be fascinating, then I like to recommend coming to hang around with me for The Energy of the Pico: Changing Costly Toys with the Raspberry Pi Pico.