This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, and iOS app to use a iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse this protocols to send keystokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation. The target audience should have a basic understanding of Wireshark, ARP spoofing, and reverse shells. Additional info: https://www.n00py.io/2017/01/control-your-mac-with-an-iphone-app-an-analysis-of-hipporemote/ https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/ https://github.com/n00py/AngryHippo - Exploiting the HippoConnect protocol for HippoRemote https://github.com/n00py/Dissonance - Rogue Synergy server

Recorded at NolaCon 2018