Living Off The Hardware is a resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices. Definitions for these devices are shared below. You can create blocking definitions in your AV/EDR security solutions. Each device will have sample usage and a definition list.
Please note that the values in the list are default values and it should be remembered that the attacker can alter the ID values if desired. It is important to acknowledge that completely preventing malicious USBs is not always feasible, as ID spoofing can be employed. If you believe there are errors or if you would like to suggest the addition of specific devices, please contact us at [email protected].
This project was created by Enes Ilhan Aydin.
You can download the JSON version of the project from this link
| Device | Tags |
|---|---|
| Hak5 Rubber Ducky | |
| Arduino Pro Micro | |
| Digispark Attiny85 | |
| Lilypad Attiny85 | |
| Flipper Zero | |
| Sandisk Ultra 16GB | |
| Teensy | |
| USB Nova | |
| Cactus WHID | |
| Logitech Unifying Receiver | |
| Nordic NRF52840 |