Q Division: Hardware Tools for Close Quarter Hacking

Rogan Dawes
Training | August 5 - 6 | 2 days


Q Division: Hardware Tools for Close Quarter Hacking

Rogan Dawes

Book Now

Learning how and when to utilise hardware based tools and attacks in your quest to obtain, maintain and manage access is essential. The Q Division course will expose you to the tools, techniques and coolness that surrounds close quarter hacking with hardware.


Pwning like it's a movie scene is a dream for most of us. Using cool gadgets like you are James Bond being supplied gadgets from the Q Division is an even greater dream. This course will ensure you become that person!

Learning how and when to utilise hardware based tools and attacks in your quest to obtain, maintain and manage access is an essential skill for physical penetration tests, red teaming and even to better understand the real world risks.

Q Division: Hardware tools for close quarter hacking brings together the theory and practical operation of a bunch of cool hardware tools that can be used when you can gain physical or nearby access to an environment.

We will explore things like Ethernet Person in the Middle techniques, HID attacks (from Rubber Duckies to WHID, P4wnP1 A.L.O.A and O.MG cable), RF peripheral hacks from MouseJacking to LOGITacker, and covert channel devices (like USaBUSe).

This two day course thus intro you into the fast moving, hard hitting, powerful harware related hacking scene.

Come explore, learn and pwn with us!


- Intermediate level technical understanding although only a beginner level of hardware related tooling is required.
- Anyone wishing to take their red teaming skills and tools to the next level.
- Members of support teams for James Bond.


  • Understanding the possibilities, scope and complexity of network Person in the Middle attacks.
  • Realising the impact of being able to plug a USB device into a target, and being able to execute that impact yourself.
  • Sometimes you don't even have to plug your own devices into the target.




Close quarters attack surface, and the gadgets you need to exploit it


  • Drop boxes - Practical: OS setup
  • Possibilities of a remote system - Practical: Remote PCAP
  • Avoiding detection - Practical: Making Linux DHCP look like Windows
  • Transparent proxying of intercepted devices - Practical: Bridge Configuration
  • Capturing credentials with PCredz
  • Dealing with 802.1x
  • Auto-configuration using slimjim
  • WiFi, GSM and other remote access techniques
  • Connection interception and tampering - Practical: iptables, redsocks and Mallet

USB Attacks

  • Class Driver basics
  • HID Attacks
    • Minimising on-screen time
    • Target runtimes: power shell, C#, more ...
    • Targeting specific devices (MAC addresses, antennas) - Practical: P4wnP1 covert shell
    • Typed payload basics
    • Mouse jiggling
    • Payloads (traditional, advanced)
    • HID over RF
    • Mouse Jacking
    • DuckyScript vs HIDScript - Practical: Using P4wnP1 HIDScript with Keyboard LED feedback
    • USaBUSe
    • Covert channels - Practical: P4wnP1 covert shell
    • LOGITacker - Practical: LOGITacker covert shell
  • Network interfaces - Practical: Attacking systems using P4wnP1 USB network interfaces
  • Mass storage
  • Other types of USB devices
  • Disguising malicious devices
    • O.MG Cable
    • Implanting in innocent carriers


  • In-depth Networking Knowledge


Hardware Requirements

  • Laptop (x86/64 based)
  • Macbooks with Apple Silicon are not supported
  • Make sure you have 2 USB A sockets to connect the provided hardware

Software Requirements

  • Windows / Linux / macOS (intel)
  • One of the following virtualization suites:
    • VMWare Player
    • VMWare Workstation
    • VMWare Fusion
    • VirtualBox
  • A throwaway Windows VM as a target for HID attacks


Rogan Dawes is a senior researcher at Orange Cyber Defence and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague’s frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies; WebScarab. In recent years, Rogan has turned his attentions towards hardware hacking; and these days many suspect him to be at least part cyborg. A good conversation starter is to ask him where he keeps his JTAG header.


The SensePost Training team have trained thousands of students on the art of network and application exploitation for the past two decades. It’s safe to say we enjoy teaching others how to hack networks and applications. Our courses are developed from the work we perform for clients, so that you get a better understanding of how to exploit real-world scenarios.