Removable Media is a security headache for many organizations, whether USBs, Memory Cards, External HDD, CD/DVDs or Mobile Phones. USB attacks in particular come in many different forms, and researchers at Ben-Gurion University identified 29 Different Types of USB-based Attacks. One of them is the Device Firmware Upgrade (DFU) attack which exploits “a legitimate process supported by the USB standard, to update local legitimate firmware to a malicious version,” said Catalin Cimpanu. In this blog we’re going to simulate a DFU attack where an employee brings a USB drive containing a malicious firmware upgrade executable file into a corporate network, and how OPSWAT’s MetaDefender Kiosk can help prevent this type of attack. Developing the Attack We will be utilizing msfvenom, a common exploit tool for generating and encoding payloads, with a few advanced options to generate a malicious firmware upgrade file. Here we are simulating an attack with a C