Malware contained environment

For the sake of learning, let’s say I have some USB drives which are likely malicious and carry some payload, such as a Rubber Ducky, but the details past that are unclear. What steps should I take to examine the USB?

From my current knowledge, I’d use a VM on a freshly imaged laptop but I’m not sure what else would be important to do.

I’ve read it’s unlikely that malware could get through a VM but I’ve heard of some cases.

You should disconnect from all networks and afterward wipe the computer clean, sometimes even swap out the HDD or SSD.

1 Like

You can get write/data blockers (USB condoms); I highly advise using them at public charging ports or stations. Another recommendation is to just use Linux to mount the USB drive as read-only (software). There’s a DIY one that was presented at Black Hat a while ago.

1 Like
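The read-only mount suggested above, as an added example that is not part of the original posts. A device such as a Rubber Ducky enumerates as a HID keyboard, which a read-only mount does not address, so this sketch first reads the USB interface classes from sysfs and only proceeds for storage-only devices. The function names, the `USB_TRIAGE_RUN` variable and the paths in the comments (`/sys/bus/usb/devices/1-2`, `/dev/sdX1`) are assumptions and placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Intended for an offline analysis host.

# classify_usb DEVDIR: print hid, storage, hid+storage or other.
# DEVDIR is a sysfs USB device directory, e.g. /sys/bus/usb/devices/1-2
# (placeholder path). Each interface subdirectory holds a bInterfaceClass
# file with the USB class code in hex.
classify_usb() {
    hid=0; sto=0
    for f in "$1"/*/bInterfaceClass; do
        [ -r "$f" ] || continue
        case "$(cat "$f")" in
            03) hid=1 ;;    # HID: keyboards, mice, keystroke injectors
            08) sto=1 ;;    # Mass Storage
        esac
    done
    case "$hid$sto" in
        11) echo "hid+storage" ;;
        10) echo "hid" ;;
        01) echo "storage" ;;
        *)  echo "other" ;;
    esac
}

# mount_cmds BLOCKDEV MNT: print the commands for a read-only mount.
mount_cmds() {
    echo "blockdev --setro $1"
    echo "mount -o ro,noexec,nosuid,nodev $1 $2"
}

# triage DEVDIR BLOCKDEV MNT: refuse anything that is not storage-only;
# otherwise print the commands, or run them (as root) when
# USB_TRIAGE_RUN=1 is set. USB_TRIAGE_RUN is a name made up for this example.
triage() {
    kind=$(classify_usb "$1")
    if [ "$kind" != "storage" ]; then
        echo "refusing: device enumerates as '$kind'" >&2
        return 1
    fi
    if [ "${USB_TRIAGE_RUN:-0}" = 1 ]; then
        blockdev --setro "$2" && mount -o ro,noexec,nosuid,nodev "$2" "$3"
    else
        mount_cmds "$2" "$3"
    fi
}
```

A device that reports both HID and storage interfaces is refused as well, since the keyboard interface can act the moment the device is plugged in, regardless of how the storage side is mounted.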

Using a VM is nice, but at the same time make yourself air-gapped, and update your VM in order to prevent VM escaping.

You could use a VM, or, if you have the budget, take the NIC out of an old laptop and test it there!

This topic was automatically closed after 121 days. New replies are no longer allowed.