USB Rubber Ducky + RPi 4 Runner

A Proof-of-Concept demonstrating physical access exploitation and remote payload delivery, showcasing foundational knowledge in pentesting and IoT security.

01. OVERVIEW

In enterprise security, the physical perimeter is often the final line of defense. This project explores the intersection of Physical Access Exploitation and IoT-driven Command & Control (C2).

02. METHODOLOGY

  • Stage 1: USB Rubber Ducky executes a rapid DuckyScript sequence to bypass UAC and initiate a reverse shell.
  • Stage 2: The RPi 4 acts as a "Drop-Box" with an LTE backhaul, maintaining a persistent encrypted tunnel.
  • Stage 3: Remote shell access is established via an OOB (Out-of-Band) management channel.

TECH STACK

DuckyScript Linux/Debian PowerShell Obfuscation SSH Tunneling IoT Hardening

"I don't just learn theory; I build, break, and fix."