Replacing Expensive Toys with the Raspberry Pi Pico

with Tyler Reguly from Fortra

Wednesday, March 8
Noon ET


At SecTor 2021, as part of the IoT Hack Lab, I demoed a new toy I was working on – a Raspberry Pi Pico that would emulate an HID when plugged into a device and issue commands. I called it my poor person’s USB Rubber Ducky. The demo was a hit and numerous people were directed to visit us and see the tool in action. Given the popularity, I’ve spent the past year making the code more modular and flexible – allowing people to customize the device with ease. In this presentation, I will share the project, the code, and details on how to obtain the software and utilize it with your own Raspberry Pi Pico. The presentation will include a live demonstration and custom payload creation. The release of the code on Github will coincide with this presentation.  

Attendees will learn how to flash a Pico with Python, which libraries are needed to make the device work, where to find the code for the device, and how to write custom payloads to perform their own keystroke injection.   

Speaker: Tyler Reguly; Senior Manager, Security R&D ; Fortra 

Tyler Reguly is the Senior Manager, Security R&D with Fortra. Tyler has previously spoken at conferences such as SecTor and RSA and developed curriculum for and taught at Fanshawe College. Tyler’s research over the years has focused on Web Application Security and binary protocols such as SSH and DNS. He has acted as a technical editor on books covering topics such as PHP security, Nmap, and Wireshark and frequently writes for the Tripwire State of Security and other publications. Tyler has contributed to numerous industry initiatives over the years and is the co-founder of the VERT IoT Hack Lab. Finally, Tyler is a listed inventor on US 10158660 B1, a patent on the subject of Dynamic Vulnerability Correlation.   

Sharing Guidelines

This session is open to the public, as well as designated representatives of REN-ISAC member institutions. Information is classified TLP:CLEAR (REN-ISAC:PUBLIC).