English | Size: 822 MB (862,240,358 bytes)
Category: Tutorial
This course will cover USB in detail with an emphasis on understanding USB Mass Storage devices (also known as flash drives or thumb drives).By the end of this course students will know how to sniff USB traffic using open source tools, be able to write-block USB mass storage devices using software and microcontroller-based hardware, be able to impersonate other USB devices, and understand how to make forensic duplicates of USB mass storage devices. Along the way students will also learn how to use microcontrollers and Udev rules.
A non-exhaustive list of topics includes:
USB basics
USB hardware
USB versions
Connection process
USB classes
HID
Mass storage
Others
USB endpoints
Interupt
Bulk
Isochronous
Control
Descriptors
Device
Interface
Configuration
Endpoint
String
Mass Storage Basics
Presentation (SCSI hard drive)
NAND flash limitations
Communication
Command Block Wrappers
Data transport phase
Command Status Wrappers
Making forensic images and duplicates
FTDI Vincullum II microcontroller
Simple compact duplicator
Reading sectors
Main processing loops
Hardware implementation
Programming the hardware
Improving performance
More user friendly duplicator
Adding an LCD screen
USB Write blocking
Motivation
Software write blocker
Hardware write blocker
Mitigation of BadUSB and similar threats
USB Impersonation
Motivation
High level design
Timers
Descriptor request handler
GPIO (buttons and displays)
Software
Hardware
Buttons
LEDs
LCDs
Leveraging Open Source
lsusb
understanding Linux USB busses
dmesg
sniffing USB traffic
usbmon
WireShark
Viewing descriptors in WireShark
Dealing with Windows-only devices
Using udev rules
Reviews
There are no reviews yet.