Red Teaming activities involving physical security assessment heavily depend on covert methods and faster execution of payloads. This is achieved using Bad USB sticks convoluted with social engineering over several years. In this modern era, Blue Teaming methodologies have been evolved exponentially. The research project proposes Shell Writer a hardware tool that bypasses the current defenses making it an imperative requirement in a Physical Security Assessment Toolkit. The device acts as a keyboard when attached to a client system, and disguises itself as a human interface device (HID) and goes undetectable by defense mechanisms put up by the Client Organization. A two-step payload methodology is used in the tool making it quick and hard to defend. The tool is economical as compared to similar tools in the market. Moreover, it can be configured with a web-interface providing the Security Engineer with cross-platform access to the device Shell Writer. Automated analysis of the sensitive information extracted with a simple User Interface to manage the number of current network connections to Shell Writer can be easily monitored and maintained.
Presentation Slides are provided on the following: link