Zero Trust World: Using a rubber ducky for pentesting

February 21, 2025

In this interview, Kieran Human, a special projects engineer at ThreatLocker, unpacks the Rubber Ducky, a USB device that mimics keyboard input, and its use in penetration testing and security awareness training.

Kieran details the capabilities of the Rubber Ducky, including data exfiltration, disabling security software, and bypassing MFA. He also explains how ThreatLocker mitigates the risks associated with such attacks, emphasizing a zero-trust approach and behavior-based security controls.

The interview highlights the ease with which even novice users can perform malicious actions with the device and the importance of security awareness training.

This segment is sponsored by Zero Trust World. Visit https://securityweekly.com/ztw to see all of our coverage of this event.

SC Staff

Zero Trust World

Breaking with tradition at Zero Trust World 2025

Paul WagenseilFebruary 24, 2025

The Zero Trust World 2025 conference leaned heavily into challenging established paradigms and disrupting the status quo.

Zero Trust World

Zero Trust World: Windows and Microsoft 365 security

SC StaffFebruary 21, 2025

In this interview, Adam Fuller -- a special projects engineer at ThreatLocker -- discusses Microsoft 365 and Windows security best practices.

Zero Trust World

Zero Trust World: Viable defense strategies against zero days and supply chain risks

SC StaffFebruary 21, 2025

Seamus Lennon, VP of Operations at ThreatLocker, emphasizes the importance of a zero-trust approach, particularly focusing on least privilege access control at the endpoint and application levels.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

Asymmetric Warfare