I’m excited to share that I will be speaking at SecTor this year in the tools track. While the SecTor schedule is not yet finalized, I’m currently listed as speaking at 10:15am on October 6th. The talk, The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico, will cover how to use a Raspberry Pi Pico to perform BadUSB attacks. There are commercial tools out there that will perform these attacks such as the Hak5 USB Rubber Ducky and the FlipperZero, but the idea here is to make it as cheap and accessible as possible.

As is often the case in tech, this talk is not based on a new idea. Even the idea of using the Pico as a hacking device isn’t new. However, several activities motivated me to push my version of the idea further. Over the summer of 2021, I had built a cheap StreamDeck alternative using a Pico and an RGB Keypad. This work got me really interested in using the Pico as an HID and I wanted to do more. When I found out that SecTor 2021 was a go and we’d be bringing back the IoT Hack Lab, I was excited to meet up with colleagues that I hadn’t seen since before the pandemic and bring something new and exciting to surprise them with. So, I sat down and wrote some code to perform a BadUSB attack using the Pico and brought the device with me to SecTor in 2021.

I ended up demoing the thing for the entire duration of the conference. People were constantly coming up to discuss it and see it in action, really impressed by the simplicity of it. I spoke with a few people who had written their own implementations for use in (Read more...)