SecTor 2022: The Power of the Pico
I’m excited to share that I will be speaking at SecTor this year in the tools track. While the SecTor schedule is not yet finalized, I’m currently listed as speaking at 10:15am on October 6th. The talk, The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico, will cover how to use a Raspberry Pi Pico to perform BadUSB attacks. There are commercial tools out there that will perform these attacks such as the Hak5 USB Rubber Ducky and the FlipperZero, but the idea here is to make it as cheap and accessible as possible.
As is often the case in tech, this talk is not based on a new idea. Even the idea of using the Pico as a hacking device isn’t new. However, several activities motivated me to push my version of the idea further. Over the summer of 2021, I had built a cheap StreamDeck alternative using a Pico and an RGB Keypad. This work got me really interested in using the Pico as an HID and I wanted to do more. When I found out that SecTor 2021 was a go and we’d be bringing back the IoT Hack Lab, I was excited to meet up with colleagues that I hadn’t seen since before the pandemic and bring something new and exciting to surprise them with. So, I sat down and wrote some code to perform a BadUSB attack using the Pico and brought the device with me to SecTor in 2021.
I ended up demoing the thing for the entire duration of the conference. People were constantly coming up to discuss it and see it in action, really impressed by the simplicity of it. I spoke with a few people who had written their own implementations for use in their own research, but they hadn’t discussed it publicly. That was when I decided I want to beef up my code and give it a proper release, which is exactly what will happen at SecTor.
During the talk, we’ll discuss the Pico itself and look at the Python code that I developed to make it do what it does. We’ll talk about where to get my code and the payloads that I’ve developed for demonstration purposes. If you’re brand new to microcontrollers, you’ll learn a few things, but even if you’ve used similar projects in the past, you might still pick up a few tips and tricks that can be used to your advantage in the future.
We all know that the first session of the day on the second day of a con is where people sip coffee and shake off their hangovers. If you’re looking for some fun, geeky conversation that isn’t going to melt your mind but will still be interesting, then I recommend coming to hang out with me for The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico.
The post ” SecTor 2022: The Power of the Pico” appeared first on TripWire
Source:TripWire – Tyler Reguly