For the sake of the learning, let’s say I have some USB drives which are likely malicious and carry some payload such as a Rubber Ducky but the details past that are unclear. What steps should I take to examine the USB?
From my current knowledge, I’d use a VM on a freshly imaged laptop but I’m not sure what else would be important to do.
I’ve read it’s unlikely that malware could get through a VM but I’ve heard of some cases.
You can get write/data blockers (USB condoms), highly advise them to use at public charging ports or stations. Another recommendation is to just use Linux to mount the USB drive as read-only (software). There’s a DIY one that was presented at black hat a while ago.
Using VM is nice, but at the same time make yourself air-gapped, update your vm in order to prevent vm escaping
You could use a VM, or if you have the budget. Take the NIC out of a old laptop and test it there!
This topic was automatically closed after 121 days. New replies are no longer allowed.