Last month, I shared a list of safe and legal “Cybersecurity Resources”, covering websites, videos, training, ethical hacking, etc.
This article will provide more details regarding these hardware tools and their usage.
NOTE: These tools must be used legally/ethically. For example, I use them for education, penetration testing, etc.
Hak5 Rubber Ducky
The Hak5 Rubber Ducky is a seemingly harmless USB drive (USB-A and USB-C interface). However, it is actually a hotplug attack tool that performs keystroke injection. It is a hacker culture icon (as seen on Mr. Robot).
The premise: computers trust humans, and humans use keyboards. Therefore, the Hak5 Rubber Ducky pretends to be a USB keyboard, automating keyboard entries.
Through the use of DuckyScript (a scripting language), automated payloads can be easily created and executed. This includes features to fingerprint devices (operating system identification) and mimic human typing cadence, whilst evading endpoint restrictions and firewalls.
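Because the device enumerates as an ordinary USB keyboard, one place a defender can see it is the host's USB HID enumeration log. The following is an added example, not code from Hak5 or from the original article: it scans Linux kernel `hid-generic` log lines for keyboard interfaces that are off an allowlist or that appear while another keyboard is already attached. The allowlist contents, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re

# Kernel line logged when a USB HID interface binds, e.g.
# "hid-generic 0003:VVVV:PPPP.NNNN: input,hidrawN: USB HID v1.10 Keyboard [name] on usb-..."
HID_LINE = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\d+: "
    r".*USB HID v[\d.]+ (?P<kind>Keyboard|Mouse|Device) \[(?P<name>[^\]]*)\]"
)

# Assumption: the approved keyboard models, as (vendor ID, product ID) pairs.
ALLOWED_KEYBOARDS = {("046d", "c31c")}

# Constructed sample log lines (not captured from a real incident).
SAMPLE = [
    "[    2.101] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 "
    "Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0",
    "[    2.340] hid-generic 0003:046D:C077.0002: input,hidraw1: USB HID v1.11 "
    "Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-2/input0",
    "[ 8127.552] hid-generic 0003:1234:ABCD.0003: input,hidraw2: USB HID v1.11 "
    "Keyboard [Example Storage Device] on usb-0000:00:14.0-3/input0",
]

def find_unexpected_keyboards(log_lines, allowed=ALLOWED_KEYBOARDS):
    """Return one finding per keyboard interface that is off the allowlist
    or that binds after another keyboard is already present.
    Simplification: unplug events are not tracked."""
    findings, seen = [], 0
    for line in log_lines:
        m = HID_LINE.search(line)
        if not m or m.group("kind") != "Keyboard":
            continue  # mice and other HID interfaces are out of scope here
        ident = (m.group("vid").lower(), m.group("pid").lower())
        reasons = []
        if ident not in allowed:
            reasons.append("not on allowlist")
        if seen >= 1:
            reasons.append("additional keyboard")
        seen += 1
        if reasons:
            findings.append({"id": "%s:%s" % ident,
                             "name": m.group("name"),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_unexpected_keyboards(SAMPLE):
        print(finding)
```

Vendor and product IDs are reported by the device itself, so the allowlist catches unknown hardware but not a device that presents an approved ID; the "additional keyboard" check is the signal that still fires in that case.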
Hak5 WiFi Pineapple
The Hak5 WiFi Pineapple (Mark VII shown below) is a portable wifi penetration testing tool.
It can perform and automate a wide range of wifi-based campaigns, including auditing, surveillance, reconnaissance, man-in-the-middle, etc.
As highlighted by the video below, the Hak5 WiFi Pineapple includes an intuitive web interface for configuration.
Finally, it includes three dedicated role-based radios, with three high-gain antennas, supporting 2.4GHz 802.11 b/g/n and 5GHz 802.11 ac via a module.
Flipper Zero
The Flipper Zero is a standalone, multi-functional device developed for interaction with access control systems.
It is highly versatile and able to read, copy, or emulate RFID and NFC tags, radio remotes, infrared transmissions, iButton, and digital access keys. It also includes a GPIO interface and can act as a BadUSB device, performing keystroke injection and accepting the previously mentioned scripting language (DuckyScript) used by the Hak5 Rubber Ducky.
The Flipper Zero firmware is based on the FreeRTOS operating system, with its own software abstraction over the hardware layer.
Like the Hak5 Rubber Ducky, it has become a hacker culture icon, being banned from Amazon and certain geographies.