
Seven Deadliest USB Attacks

Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. The book consists of seven chapters that cover the following: (i) USB Hacksaw; (ii) the USB Switchblade; (iii) viruses and malicious codes; (iv) USB-based heap overflow; (v) the evolution of forensics in computer security; (vi) pod slurping; and (vii) the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements. This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency.

Audience

Information security professionals of all levels; web application developers; recreational hackers

Paperback, 256 Pages

Published: April 2010

Imprint: Syngress

ISBN: 978-1-59749-553-0

Reviews

  • "Seven Deadliest USB Attacks provides real-world insight into issues a good deal of computer users don't even realize exist. The author's clear voice profiles attack scenarios, tools, as well as mitigation techniques. This book raises the right questions and provides the right answers." - Mirko Zorz, Editor in Chief of Help Net Security and (IN)SECURE Magazine


Contents


    About the Authors

    Introduction

    Chapter 1 USB Hacksaw

        Sharing Away Your Future

        Anatomy of the Attack

             Universal Serial Bus

             U3 and Flash Drive CD-ROM Emulation

             Inside the Hacksaw Attack

             Hacksaw Removal

        What Is the Big Deal?

             Regulators, Mount Up

        Evolution of the Portable Platform

             Portable Platforms

             Hacksaw Development

        Defending against This Attack

        Summary

        Endnotes

    Chapter 2 USB Switchblade

        Passing Grades

        Inside the Switchblade

             Switchblade Tool Summaries

             Switchblade Assembly

        Why Should I Care?

        Evolving Aspects

             Privilege Elevation

        Defensive Techniques

             System Execution Prevention and USB Antidote

             Biometrics and Token Security

             Password Protection Practices

             Windows Group Policy Options

             Browser Settings and Screen Savers

        Summary

    Chapter 3 USB-Based Virus/Malicious Code Launch

        Invasive Species among Us

             An Uncomfortable Presentation

        Anatomy of the Attack

             Malicious Code Methodologies

             Autorun

             How to Recreate the Attack

        Evolution of the Attack

        Why All the Fuss?

             Botnets

             Distributed Denial-of-Service Attacks

             E-mail Spamming

             Infecting New Hosts

             Identity Theft

             Transporting Illegal Software

             Google AdSense and Advertisement Add-On Abuse

        Defending against This Attack

             Antimalware

        Summary

        Endnotes

    Chapter 4 USB Device Overflow

        Overflow Overview

        Analyzing This Attack

             Device Drivers

             Going with the Overflow

             USB Development and the Hole in the Heap

        Ever-Present Exposures

        Overflow Outlook

        Defensive Strategies

             Drivers

             Physical Protection Mechanisms

        Summary

        Endnote

    Chapter 5 RAM dump

        Gadgets Gone Astray

        Digital Forensic Acquisition Examination

             Computer Online Forensic Evidence Extractor or Detect and Eliminate Computer-Assisted Forensics?

             Memory Gatherings

             Reconstructing the Attack

        Mind Your Memory

        Advancements in Memory Analysis

             ManTech DD

             Additional Analysis Tools

             Future Memories

             The Room with an Evil View

        Hindering the Gatherers

             Security Framework, Programs, and Governance

             Trackers and Remote Management

             BIOS Features

             Trustless Execution Technology and Module Platform

             Enhancing the Encryption Experience

             BitLocker and TrueCrypt

        Summary

        Endnotes

    Chapter 6 Pod Slurping

        Attack of the Data Snatchers

        Anatomy of a Slurp

             How to Recreate the Attack

        Risky Business

             Pod Proliferation

        Advancements in This Attack

             Breaking Out of Jobs’ Jail

        Mitigating Measures

             Put Your Clients on a Data Diet

             Hijacking an iPhone

        Summary

        Endnotes

    Chapter 7 Social Engineering and USB Come Together for a Brutal Attack

        Brain Games

        Hacking the Wetware

             Reverse Social Engineering

             Penetration of a Vulnerable Kind

        Elevated Hazards

             Legitimate Social Engineering Concerns

        Generations of Influences

             USB Multipass

        Thwarting These Behaviors

             Security Awareness and Training

             Behavioral Biometrics

             Windows Enhancements

        Summary

        Overview

        Endnotes

    Index





