Get-USBHistory: get history of a USB flash driving using PowerShell

https://gallery.technet.microsoft.com/scriptcenter/Get-USBHistory-707e43a3

https://devblogs.microsoft.com/scripting/use-powershell-to-find-the-history-of-usb-flash-drive-usage/

OMG Cable: Offensive MG kit, open source malicious USB cable

This page will continue to be updated with info about the cable as things progress. My intent is to make these available for many of you, and open source as much as possible.[…]

http://mg.lol/blog/omg-cable/

USBCaptchaIn: Preventing (Un)Conventional Attacks from Promiscuously Used USB Devices in Industrial Control Systems

USBCaptchaIn: Preventing (Un)Conventional Attacks from Promiscuously Used USB Devices in Industrial Control Systems
Federico Griscioli, Maurizio Pizzonia
(Submitted on 11 Oct 2018)

Industrial Control Systems (ICS) are sensible targets for high profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, thumb drives are widely used to transfer files among disconnected systems and represent a serious security risks, since, they may be promiscuously used in both critical and regular systems. The threats come both from malware hidden in files stored in the thumb drives and from BadUSB attacks [16]. BadUSB leverages the modification of firmware of USB devices in order to mimic the behaviour of a keyboard and send malicious commands to the host. We present a solution that allows a promiscuous use of USB thumbs drives while protecting critical machines from malware, that spread by regular file infection or by firmware infection. The main component of the architecture we propose is an hardware, called USBCaptchaIn, intended to be in the middle between a critical machine and all USB devices. We do not require users to change the way they use thumb drives. To avoid human-errors, we do not require users to take any decision. The proposed approach is highly compatible with already deployed products of a ICS environment and proactively blocks malware before they reach their targets. We describe our solution, provide a thorough analysis of the security of our approach in the ICS context, and report the informal feedback of some experts regarding our first prototypes.

https://arxiv.org/abs/1810.05005

USB Type-C to Become More Secure With Authentication Standard

https://www.usb.org/node/1899

The security of USB-based connections and devices is taking a step forward, with the official launch of the USB Type-C Authentication Program on Jan. 2[…]

http://www.eweek.com/security/usb-type-c-to-become-more-secure-with-authentication-standard

 

tools to create UEFI USB boot drives

Regarding tools/scripts to generate a UEFI USB thumbdrive boot disk, there’s:

1) Rufus (a native GUI app for Windows), which has been around for years.

https://rufus.ie/

2) USB_UEFI_Shell, a Unix script, came out two weeks ago.

https://github.com/skyskyshinysky/usb_uefi_shell

3) WinInst-UEFI-USB is a macOS script that generates a Windows-centric drive, and this was initially released yesterday.

https://github.com/core-process/wininst-uefi-usb

[[I think there are a few other scripts that I’ve blogged about, but forget the project names at the moment, will create a future post when I can extend the list. There’s also the Tianocore/EDK2 script that DUET uses (or rather used, DUET was just deprecated from EDK2); I think Cloverboot has variations of that script. I guess I should also create a list of documentation that describes how to do this in the future as well. The CHIPSEC user documentation’s UEFI install instructions are one example app that includes this. There’re about a dozen other documents…]]

GPU-pass-through-compatibility-check: Automatically set up a Linux system for PCI pass-through and check if it is compatible

This project consists of 3 parts.
1) A script (gpu-pt-check.sh) that automatically checks to what extend a computer is compatible with GPU pass-through in its given configuration.
2) A script (setup.sh) that automatically installs and configures your system for GPU pass-through (Only tested on fresh installs of Fedora 28 x64 with Gnome, booted in UEFI mode!)
3) Instructions on how to create a bootable Linux USB stick that automatically runs the gpu-pt-check.sh script when you boot from it without any user interaction required.

example output

https://github.com/T-vK/GPU-pass-through-compatibility-check

USBCaptchaIn: Preventing (Un)Conventional Attacks from Promiscuously Used USB Devices in Industrial Control Systems

(Submitted on 11 Oct 2018)

Industrial Control Systems (ICS) are sensible targets for high profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, thumb drives are widely used to transfer files among disconnected systems and represent a serious security risks, since, they may be promiscuously used in both critical and regular systems. The threats come both from malware hidden in files stored in the thumb drives and from BadUSB attacks [16]. BadUSB leverages the modification of firmware of USB devices in order to mimic the behaviour of a keyboard and send malicious commands to the host. We present a solution that allows a promiscuous use of USB thumbs drives while protecting critical machines from malware, that spread by regular file infection or by firmware infection. The main component of the architecture we propose is an hardware, called USBCaptchaIn, intended to be in the middle between a critical machine and all USB devices. We do not require users to change the way they use thumb drives. To avoid human-errors, we do not require users to take any decision. The proposed approach is highly compatible with already deployed products of a ICS environment and proactively blocks malware before they reach their targets. We describe our solution, provide a thorough analysis of the security of our approach in the ICS context, and report the informal feedback of some experts regarding our first prototypes.

https://arxiv.org/abs/1810.05005

Umap2: USB host security assessment tool

This is not a new release, but I’m catching up with USB security tools for this blog.

Umap2 is the second revision of NCC Group’s python based USB host security assessment tool. Umap2 is developed by NCC Group and Cisco SAS team.

Features:
* USB device emulation
* USB host scanning for device support
* USB host OS detection (no implemented yet)
*  USB host fuzzing
* USB host fuzzing uses kitty as fuzzing engine

https://github.com/nccgroup/umap2

USBHarpoon Is a BadUSB Attack with A Twist

https://vincentyiu.co.uk/usbharpoon/

http://mg.lol/blog/badusb-cables/

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

 

 

USB Charging Actually Poses Security Risks – Hacking a Laptop via a USB-C Adapter

Smartphones have been charged over USB for many years, but with the advance of USB type-C now even laptops may be charged over USB, instead of the typical DC power barrel jack.[…]

https://www.cnx-software.com/2018/08/14/usb-charging-security-risks/