2025-08-05 –, Opal
Don't plug in devices you don't trust - It's an often repeated mantra everywhere from the workplace to the movies. But, have you ever wondered how it works in real life, and what the risks truly are?
This training covers the basics of Hak5's DuckyScript-Language (Version 3) and how to utilize O.MG Devices to develop HID based attacks.
Learn the basics of Hak5's DuckyScript, how to script human input, how to GeoFence, Remote Control, and much more. This workshop covers exploiting the "human factor" of security and will go over Physical Red Team Assessments, Attacks, and normalizing strategies to improve reliability and performance of your scripts.
This beginner-friendly training will be approximately 4 hours and introduces attendees to the world of physical red teaming using O.MG Devices. This training is meant for those with minimal prior experience covers the fundamentals of HID (Human Interface Device) attacks, ethical hacking, and how attackers exploit physical access to systems using tools that emulate keyboards and mice. Participants will learn how to use the O.MG Plug. Attendees will be encouraged to bring their own devices, however O.MG Plugs will be able to purchased to ensure uniformity of the training. While the class focuses on O.MG devices, the techniques and scripting knowledge are transferable to other DuckyScript-compatible devices like those offered by Hak5.
The trainers have a variety of experiences including experience with blue teaming, red teaming (physical attacks), and accessibility. Each trainer will bring these unique personal experiences to the attendees and introduce use cases common tools, deployment strategies, and the truth behind popular portrayals of hacking. It then delves into the technical workings of USB HID protocols and how DuckyScript leverages them to automate keystrokes, launch payloads, and even initiate wireless or geo-fenced commands.
Students will get hands-on experience flashing, configuring, and scripting O.MG Devices. The course also covers payload design—emphasizing reliability, stealth, and accessibility—and explores advanced features such as remote control, C2 (Command and Control) integration, and security best practices.
No prior scripting experience is required, though basic familiarity with networking and operating systems will be helpful. Students must bring their own laptop. By the end of the course, students will have a strong foundational understanding of HID-based attacks, be able to create and deploy basic payloads, and appreciate the role of human factors in security breaches.
Wednesday if possible due to flight itinerary of one of our workshop presenters
The partially blind Hawaiian priest. Builds accessibility tools for self reliance.
Educator, hands-on hacker, and Blue Team strategist exploring the frontiers of embedded systems, AI, academic research, and competitive challenges. Previously spoken a number of conferences including DefCon, SCALE, BSides LA, and ShellCon to name a few.