LOTHardware

A defensive catalog of malicious USB and HID attack hardware, with the USB identifiers and Sigma detection rules defenders need to detect and block them.

Living Off The Hardware is a resource collection that helps you identify and understand malicious hardware and attack-capable devices. Definitions for these devices are shared below, and you can use them to create blocking rules in your AV and EDR security solutions. Each device comes with sample usage and a list of its identifiers.

Please note that the values listed are the default ones, and an attacker can change these IDs if they want to. Completely preventing malicious USB devices is not always feasible, since IDs can be spoofed, so treat these values as indicators rather than guarantees.

Want to contribute? To add a device, open a pull request on GitHub. To request a device or report an error, open an issue or email [email protected].

You can download the JSON version of the project from this link.