For the sake of learning, let’s say I have some USB drives which are likely malicious and carry some payload such as a Rubber Ducky, but the details past that are unclear. What steps should I take to examine the USB?
From my current knowledge, I’d use a VM on a freshly imaged laptop but I’m not sure what else would be important to do.
I’ve read it’s unlikely that malware could get through a VM but I’ve heard of some cases.
You can get write/data blockers (USB condoms); highly advise using them at public charging ports or stations. Another recommendation is to just use Linux to mount the USB drive as read-only (software). There’s a DIY one that was presented at Black Hat a while ago.
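
An added example, not part of either post above: a Rubber Ducky-style device enumerates as a keyboard (USB HID) rather than as storage, so a read-only mount only applies once you know the device declares a mass-storage interface. This sketch reads the interface classes Linux exposes in sysfs and reports which case a device falls into before anything is mounted. The function names, the `SYSFS_USB` override and the sample tree are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: classify a USB device by the interface classes it declares.
# SYSFS_USB is an assumed override so the logic can run against a test tree.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# Map a bInterfaceClass value (two hex digits, USB-IF class codes) to a label.
class_name() {
    case "$1" in
        03) echo hid ;;
        08) echo mass-storage ;;
        09) echo hub ;;
        ff) echo vendor-specific ;;
        *)  echo "class-$1" ;;
    esac
}

# usb_triage <bus-port>, e.g. usb_triage 1-2. One line per interface, then a verdict.
usb_triage() {
    dev="$1"; hid=0; storage=0; other=0
    for intf in "$SYSFS_USB/$dev":*; do
        [ -r "$intf/bInterfaceClass" ] || continue
        cls=$(tr -d ' \n' < "$intf/bInterfaceClass")
        proto=$(cat "$intf/bInterfaceProtocol" 2>/dev/null | tr -d ' \n')
        echo "interface ${intf##*/}: $(class_name "$cls") protocol=${proto:-??}"
        case "$cls" in
            03) hid=1 ;;
            08) storage=1 ;;
            *)  other=1 ;;
        esac
    done
    if [ "$hid" = 1 ] && [ "$storage" = 1 ]; then echo "verdict: composite-hid-storage"
    elif [ "$hid" = 1 ]; then echo "verdict: hid-only"
    elif [ "$storage" = 1 ] && [ "$other" = 0 ]; then echo "verdict: storage-only"
    else echo "verdict: unknown"
    fi
}

# Constructed sysfs-like tree (not from a real device): 9-1 is a keyboard-only
# device, 9-2 a plain flash drive, 9-3 a drive that also declares a keyboard.
make_sample_tree() {
    root=$(mktemp -d)
    for spec in 9-1:1.0=03=01 9-2:1.0=08=50 9-3:1.0=08=50 9-3:1.1=03=01; do
        name=${spec%%=*}; rest=${spec#*=}
        mkdir -p "$root/$name"
        echo "${rest%=*}" > "$root/$name/bInterfaceClass"
        echo "${rest#*=}" > "$root/$name/bInterfaceProtocol"
    done
    echo "$root"
}

if [ -n "${1:-}" ]; then usb_triage "$1"; fi
```

Run it only on the isolated analysis machine, since the device has to be attached for sysfs to list it; the verdict reflects what the device declares at that moment, and firmware can present different interfaces on a later enumeration.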