
Hak5 Releases New Video on Remote Payload Triggering via Bluetooth Low Energy
In this new video from the Hak5 channel, Glitch presents an ingenious method for remotely triggering a payload on a Bash Bunny Mark I using Bluetooth Low Energy (BLE) technology. This feature, available since the launch of the Bash Bunny Mark I, allows control over when the payload is executed, offering increased flexibility for penetration testing.

Glitch begins by explaining what Bluetooth Low Energy is. Unlike traditional Bluetooth, BLE does not require a handshake to establish a connection. Instead, a BLE device simply broadcasts packets containing a header, a unique identifier, and other information such as the device name or battery level. This technology is commonly used in devices like wireless headphones, smartwatches, or Apple AirTags.

In the context of the Bash Bunny, two specific commands are used to interact with BLE devices: "wait for present" and "wait for not present". The "wait for present" command allows the Bash Bunny to wait for the detection of a specific device before triggering the payload. This can be useful to avoid early detection or to ensure the payload is executed at the right moment. For example, a penetration tester could pay a janitor to place the Bash Bunny on a target system, and the payload would only be triggered when the tester is ready. The "wait for not present" command, on the other hand, allows the payload to be triggered when the specific device is no longer detected. This can be used to execute the payload when the target leaves their workstation, for example, to go to the bathroom or get coffee.

Glitch illustrates this method using an application called nRF Connect on an Android device to broadcast a specific device name, "testdev". When the Bash Bunny detects this device name, it executes the payload, which in this case simply displays "Hello World" in a terminal window. Glitch emphasizes that this method can be used for more complex actions, such as dropping an exploit, establishing persistence, or displaying an image. He also mentions that similar applications exist on iOS, allowing the broadcast of arbitrary device names.

In conclusion, this video demonstrates a creative and practical use of Bluetooth Low Energy to control the triggering of payloads on a Bash Bunny. This technique offers increased flexibility and can be adapted to various penetration testing scenarios, making operations more discreet and effective. For more details, watch the full video: https://www.youtube.com/watch?v=bZnIq8NLqdg
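To make concrete what a "wait for present" trigger actually keys on, here is an added example (not code from Hak5 or the video) that decodes the AD structures of a BLE advertising payload and checks captured advertisements for a watched local name; a monitor near sensitive workstations could log such names the same way. The "testdev" name and the sample advertisement bytes are constructed for this illustration.

```python
"""Decode BLE advertising payloads (AD structures) and watch for a local name.

Added illustration, not Hak5 code. The 'testdev' name and the sample
advertisement below are constructed for the example.
"""
from typing import List, Optional, Tuple

# AD types from the Bluetooth SIG Assigned Numbers document.
AD_FLAGS = 0x01
AD_SHORT_LOCAL_NAME = 0x08
AD_COMPLETE_LOCAL_NAME = 0x09


def parse_ad_structures(payload: bytes) -> List[Tuple[int, bytes]]:
    """Split an advertising payload into (ad_type, data) pairs.

    Each structure is: 1-byte length (covering type + data), 1-byte type,
    then data. A zero length ends the significant part; a length that runs
    past the buffer is rejected as malformed rather than silently truncated.
    """
    structures = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break
        if i + 1 + length > len(payload):
            raise ValueError(f"AD structure at offset {i} runs past end of payload")
        ad_type = payload[i + 1]
        data = payload[i + 2 : i + 1 + length]
        structures.append((ad_type, data))
        i += 1 + length
    return structures


def local_name(payload: bytes) -> Optional[str]:
    """Return the advertised local name, preferring the complete form."""
    name = None
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_COMPLETE_LOCAL_NAME:
            return data.decode("utf-8", errors="replace")
        if ad_type == AD_SHORT_LOCAL_NAME and name is None:
            name = data.decode("utf-8", errors="replace")
    return name


def name_present(advertisements: List[bytes], watched: str) -> bool:
    """True if any captured advertisement carries the watched local name."""
    return any(local_name(adv) == watched for adv in advertisements)


# Constructed sample: Flags (LE General Discoverable, BR/EDR not supported)
# followed by Complete Local Name "testdev", as a phone app might broadcast.
SAMPLE_ADV = bytes.fromhex("020106" + "0809" + "testdev".encode().hex())
```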