This (and last) week, we’ve been working on the demos and the board. Although the board is still being worked on, our demonstrations were finalized in this session and are going to be shown to the company on the 24th November (hopefully it goes well)!
In order to finish up our demonstrations, we needed to write some brief instructions on how to get them to work. Our final demonstrations ended up being:
- A USB Killer which demonstrates how dangerous a USB can be. This USB Killer will, as the name suggests, kill the device that it is plugged into in a matter of seconds. This can be devastating for a business because one of these can destroy lots of expensive computers quickly.
- A Bad USB which is a USB powered Christmas Tree which acts like a USB keyboard. This keyboard access is abused to quickly type in commands to the computer to make it appear to be a victim of a ransomware attack (although, it could be programmed to actually install ransomware).
- A password brute-force which consists of a login page that we have made (as it would be illegal to do it on any website) and a command that is run. This command will test the most common passwords against this login page until it finds one that works. This demonstrates how important it is to use a long, complex password and 2 factor authentication.
- An SQL injection attack which again is another website that we have made, this one is a blog that has a comments box. This website, however, is not properly secured, so by typing in a special command into the comments box, we can trick the server into giving us back a list of the users registered on the website along with their passwords.
All of these should help to highlight some common attacks that could happen on a business and will show the employees and executives how important cyber security is to a company. We’ll tell you how it goes in the next blog post.