Hak5: The Toy’s R Us of physical hacking tools
Where do hackers go to buy their toys? Is it the back alley of an old arcade with a guy missing an eye? Or is grandma selling cookies as a front but selling “internet cookies” from her latest exploit of the chromium browser? When it comes to collecting that data, it can’t all be done from the comfort of your desktop or laptop; sometimes, a physical intrusion of your target is necessary; this is where Hak5 takes the bag on physical hacking tools.
Hak5 was founded in 2005 stating its mission was to “advance the InfoSec industry,” according to their about page. I stumbled upon Hak5 when I was around fourteen years old. I wanted to learn how to hack things and began searching on YouTube for tutorials; Hak5 was one of the first things that returned to my screen.
Hak5 was terrific; they were constantly innovating and creating new ways to break or hack into companies’ infrastructure; this article will showcase some of my favorite tools to the ones they just released.
One of the first tools I ever purchased from them was the Rubber Ducky; I grew up watching shows like Mr. Robot and listening to talks that introduced tools like these. These tools were the foundation for a hacker breaking into a company’s internal network. The hacker would pose as something or someone that the company was scheduled to receive, whether it was maintenance or a meeting with a client. Then while asking if they could use the bathroom, they’d slip into an unmanned cubicle with a computer inside and plug in the Bash Bunny or Rubber Ducky, and it only took 30 seconds to breach a company computer!
So, I plan to cover all the Hak5 tools and then show ways of stopping such devices from being successfully deployed in your company’s network here on the TrustDigital blog! I’ll first start with the Rubber Ducky and go from there. But to show what we’ll be facing, here’s a list of the most popular tools and a short description of their purpose.
Shark Jack – This tool can be leveraged to see if drops in the building are still active or allowed to be used for a device by using scripts like Nmap and the shark jack and quickly get a list of devices and open ports on the network.
Screen Crab – The Screen Crab is a tool that links between an HDMI cable and your device, allowing an attacker to be sent screenshots of what you’re currently viewing and allowing essential documents to be captured and copied.
O.MG Cable – These cables are super malicious! They look like the standard cables you would use to charge your phone. Still, they have the capabilities of allowing an attacker to install a backdoor on your system, allowing the attacker to inject keystrokes.
The Hak5 family is massive, with tools that can fit any attack you want to perform on your next pentest. These tools will help any cyber security enthusiast grow more in their career. The About page for Hak5 lists many tv shows, movies, and documentaries showcasing Hak5 and how they’re leading the way for hacking tools. With tons of research and community requests, Hak5 will be a no-brainer for getting the latest hacking gear.
Next week we’ll show the power and the skills needed to use a Rubber Ducky.
“Trust your technolust.”