conf.directory

DEF CON 30 - Jimi 'jimi2x" Allee - Chromebook Breakout - Escaping Jail Using a Pico Ducky

Jimi 'jimi2x" AlleeDEF CON
48:32
0 views
Published October 20, 2022

About this talk

Learn how we used our Pico Ducky to escape Chromebook jail, rescue our friends along the way, and have some fun Living Off the Land! Leveraging a discovered (but previously disclosed) Command Injection vulnerability in the ChromeOS crosh shell, we rabbithole into the internal ChromeOS Linux system, obtain persistence across reboots, and exfiltrate user data even before Developer Mode has been enabled. Learn how to provision and utilize local services in order to perform Privilege Escalations, and also create a 'Master Key' with the Pico Ducky and custom GTFO 1-liners, in order to perform a full Chromebook Breakout!

Topics covered

Command Injection
ChromeOS
Privilege Escalation
Pico Ducky
Akka Persistence

Stay Updated

Get notified about new features and conference additions.

Related Talks

The Art of Code - Dylan Beattie
01:00:49

The Art of Code - Dylan Beattie

Dylan Beattie
NDC Conferences
4,796,409 views
February 26 2020
Watch Now
What the heck is the event loop anyway? | Philip Roberts | JSConf EU
26:53

What the heck is the event loop anyway? | Philip Roberts | JSConf EU

Philip Roberts
JSConf EU
3,551,387 views
October 9 2014
Watch Now
Expert Talk: DevOps & Software Architecture • Simon Brown, Dave Farley & Hannes Lowette • GOTO 2021
39:51

Expert Talk: DevOps & Software Architecture • Simon Brown, Dave Farley & Hannes Lowette • GOTO 2021

Simon Brown, Dave Farley & Hannes Lowette
GOTO Conferences
3,109,641 views
February 15 2022
Watch Now
DEF CON 30 - Jimi 'jimi2x" Allee - Chromebook Breakout - Escaping Jail Using a Pico Ducky by Jimi 'jimi2x" Allee | conf.directory | conf.directory