Simple play icon Course

Initial Access with the Bash Bunny

by FC

In this course, you will learn how to gain that crucial initial access using a hardware device called a Bash Bunny. You will explore how to leverage Human Interface Device (HID) emulation to compromise targets, and how to write your own scripts to create custom payloads.

What you'll learn

One of the most important parts of a Red Team engagement is the initial access and how to exfiltrate important information to help you gain a deeper foothold into your target environment. In this course, Initial Access with Bash Bunny, you will learn the capabilities of the BashBunny and why it is a key initial access tool in the red team toolkit. Threat actors take advantage of physical access to devices in order to obtain credentials stored on the device. APT groups such as DarkVishnya have used Bash Bunny devices to help infiltrate major banks across Europe. Having the ability to covertly plug in a device that hacks your target in seconds and pull out confidential data ready for use with no interaction required can be a game changer for red team members. You will learn how to utilize this tool to help you achieve your red team goals. Within this course you will learn about bunny scripts, how to load them and even modify them to help obtain and exfiltrate key files and information from your target. The Bash Bunny is amazingly adaptable and can also be used to launch a number of attacks at multiple stages of the cyber kill chain including launching stagers for Empire (covered in Pluralsight course Command and Control with Empire) and you will also show you where to find additional resources to help craft your perfect attack vector for those specialist jobs. When you have finished with this course, you will have the skills and knowledge to perform attacks from your team that simulate APT capability against your client

About the author

FC is a well-known ethical hacker and social engineer. He has been working in the information security field for over 20 years and excels at circumventing access controls. FC legally ‘breaks into’ hundreds of banks, offices and government facilities around the world. ​ His work demonstrating weaknesses in physical, personnel and digital controls assists organisations to improve their security. He is motivated by a drive to make individuals, organisations and countries more secure and better-able... more

Ready to upskill? Get started