USBvalve - Expose USB activity on the fly

Presented at DEF CON 31 (2023), Aug. 12, 2023, 10 a.m. (115 minutes)

USB spreading malware is still a concern today. Over the past few months, we have witnessed an increase in malicious software exploiting USB drives to bypass security measures, even in air-gapped systems. Whenever we connect our USB drive to an "untrusted" system, numerous doubts arise: what happens behind the scenes? Is something accessing, modifying, or encrypting our files? This is where USBvalve comes in. It is an affordable dongle, built using readily available hardware, designed to reveal the true activities occurring when a USB drive is connected to a system. It can also be used to check for "BADUSB" (HID) on USB keys before inserting them into our own systems. The best part is that it's as compact as a keychain, making it convenient to carry with us at all times!

Presenters:

• Cesare Pizzi
  Cesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab. He develops software and hardware, and tries to share this with the community. Mainly focused on low level programming, he developed a lot of OpenSource software, sometimes hardware related and sometimes not. Doing a lot of reverse engineering too. He likes to share his job when possible (at Defcon, Insomni'hack, Nullcon. etc). Contributor of several OS Security project (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, etc) and CTF player.

Similar Presentations:

• 33C3 (2016) / No USB? No problem.: How to write an open source bit-bang low-speed USB stack running on a sub-$1 Cortex M0+
• Black Hat USA 2014 / BadUSB - On Accessories that Turn Evil
• ToorCon San Diego TwentyOne (2019) / Hacking Even More USB with USB-Tools