in the last video we talked about re kon and what questions Attackers have to answer to make their tax more successful.
In this video, we're gonna talk about deployment and what Attackers do to make their devices more desirable to take.
All right, so the attacker has done their reconnaissance, and out comes the deployment phase piece cake, Right? Well, maybe not exactly. So of course, this this should be done after the attacker does their reconnaissance and Taylor makes her attack. Um, it may not be super easy to actually,
when the appointment comes, they
they have to do things to make the device desirable. To take a lot of times, Attackers will put devices on key chains with keys like like you see in the picture with the USB device with a bunch of those keys to maybe playing the victims
So the victim all plugged and see who it belongs to. Maybe we'll put a label on it, making enticing maybe something like confidential on it
and a lot of time Seville distress devices to make them look used and warn or any number of combination of things like that.
Um, so Attackers really need to do their homework and plan a good deployment strategy. They don't want to look suspicious at all because I could get them caught. They need to act like they belong where they're going to go.
Say, for example, it's a a business building with everyone wearing suits. So maybe it's not a good idea for the attacker to walk in there with jeans and a T shirt. That big beard. Maybe Maybe they should dress up as soon as, well, the clean shaven. It'll certainly get less attention attracted to them.
They also don't do it won't just be throwing these devices out in front of them.
They want to be just laying them down. Maybe acting like they dropped it will sit on a bench or something. Make it make it subtle.
So it's also typical to deploy several devices at once because a lot of times one isn't gonna cut it. Maybe there's a 50 50 chance, so you want more to increase those odds of one device getting taken.
And, uh, it's also not a good idea to be laying multiple of the devices out at once because that in itself is suspicious because seeing a bunch of just USB devices. Maybe the old look similar. That's that's gonna tip off some people that maybe think there's something going on there, so
usually they just deploy one at a time
and spread out the times at this point.