The Teensy devices ( are Arduino based devices that allow you to utilize onboard memory storage on a microcontroller and emulate a keyboard/mouse. In the Social-Engineer Toolkit (SET), gives you the ability to choose Metasploit based payloads and drop a small download stager either through WSCRIPT or through PowerShell to download a backdoor from a remote IP/machine and execute it on the system itself. Why this attack is so useful is that it emulates a keyboard 100 percent, so you can essentially bypass any autorun protections on the system since its a keyboard, not a flash drive or CD/DVD type autorun attack. SET handles the entire creation from a webserver housing the malicious payload, to the actually Metasploit handler.

Be sure to check out DerbyCon –, it’s a brand new large-scale hacker conference located in Louisville Kentucky, it’s still far off, dates are September 30 – October 2 2011. Check back for frequent updates!