Crime Aficionado
Twitter: https://twitter.com/_MG_
I make things: https://o.mg.lol

The industry has been chaotic lately with layoffs everywhere. My wife was just laid off, and it’s been a year since my entire Red Team got cut from my old corp job.

It means something surreal: the weird project I started in my garage is now supporting our entire family.

Honestly, that’s terrifying. But it’s also pretty incredible.

Thanks to everyone who has supported this project over the years. It started as a barely working proof of concept. But because of the support, it was able to keep evolving & pushing new boundaries. Performance has grown almost exponentially… all while LOOKING like it doesn’t do anything 😂

First, this is most likely NOT a direct measure of network latency. This machine was physically located in Arizona. DPRK started off with shipping corp laptops overseas, but the network latency was a dead giveaway. So they started colocating them in the USA and remotely controlling them. First with remote control software, which is easy to identify if the company has security software on the machine. And then with hardware like IP-KVMs. There are sometimes a few tells that an IP-KVM is in use, but a well-tuned one will identify exactly like a normal external keyboard/mouse/monitor. Unless…

This is where you have to start looking beyond device identity and instead look at input anomalies. Keyboard/mouse input being sent halfway across the world via network packets to an IP-KVM can look… weird. Think bursts of input. This looks very weird with mouse data that is normally smooth. But even keystrokes start to stand out when you have a big enough dataset to compare against. So, of course, you could improve the IP-KVM to smooth out and “humanize” the inputs before relaying them to the host. But…

You can also present some real time control surfaces. I don’t want to blow anyone’s defense tradecraft here. So let’s just imagine the employee needs to play a 5sec game of flappybird each day. Or maybe it’s an overt “DPRK Detector” step during login. The visual input has to travel halfway across the globe, then the input has to come all the way back. That’s a massive delay for response to visual stimulus. Certainly anomalous enough to warrant investigation. How do you beat that? Maybe an AI process running on the IP-KVM that plays DPRK Detector for you?

The arms race will continue. And it’s mostly because HR and Hiring Managers don’t want to do deeper background checks needed to identify fake/stolen identities. 🤷‍♂️

And for anyone not familiar with these hunts, the detection techniques are NOT definitive proof of wrongdoing. They are simply turning a mountainous haystack into a fistful of hay that a human can quickly sift through to look for other indicators.

Note: there are environment-specific detections as well. But I tried to stay in territory that’s applicable to everyone who has this risk in their threat model.
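As an added example (not MG's code, nor any vendor's detection), the input-anomaly idea from the thread above turned into a burstiness check: a directly attached mouse reports at a steady polling rate, while input relayed over the network to an IP-KVM tends to arrive in clumps, several events a fraction of a millisecond apart and then a gap while the next packet is in flight. The sample streams, the 125 Hz period, the batch size and the thresholds are all constructed assumptions; a real deployment would baseline them per fleet.

```python
import random
from statistics import mean, pstdev

def inter_arrival_ms(timestamps_ms):
    """Gaps between consecutive input events, in milliseconds."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]

def burst_profile(timestamps_ms, clump_ms=1.0):
    """Summarise how clumped an input stream is.

    Returns (cv, clumped): cv is the coefficient of variation of the gaps
    (a steady 125 Hz mouse sits near 0; packet-relayed input goes well above 1);
    clumped is the fraction of gaps shorter than clump_ms, i.e. events that
    arrived together in one network packet rather than one per polling tick.
    """
    gaps = inter_arrival_ms(timestamps_ms)
    if len(gaps) < 2:
        return 0.0, 0.0
    cv = pstdev(gaps) / mean(gaps)
    clumped = sum(g < clump_ms for g in gaps) / len(gaps)
    return cv, clumped

def looks_relayed(timestamps_ms, cv_limit=1.0, clump_limit=0.5):
    """Triage flag only. Thresholds are assumed here, not taken from the post."""
    cv, clumped = burst_profile(timestamps_ms)
    return cv > cv_limit or clumped > clump_limit

# Constructed sample streams (assumed data, not captured from any host).
def local_mouse(n=200, period_ms=8.0, seed=7):
    """Steady polling with small jitter, as a directly attached mouse produces."""
    rng = random.Random(seed)
    t, out = 0.0, []
    for _ in range(n):
        out.append(t)
        t += period_ms + rng.uniform(-0.5, 0.5)
    return out

def relayed_mouse(n=200, period_ms=8.0, batch=5, seed=7):
    """Same motion, but delivered in packets of `batch` events every batch*period_ms."""
    rng = random.Random(seed)
    t, out = 0.0, []
    for i in range(n):
        if i and i % batch == 0:   # next packet lands after the network gap
            t += batch * period_ms - (batch - 1) * 0.2 + rng.uniform(-2.0, 2.0)
        elif i:                    # events inside one packet are ~0.2 ms apart
            t += 0.2
        out.append(t)
    return out

if __name__ == "__main__":
    for name, stream in (("local", local_mouse()), ("relayed", relayed_mouse())):
        cv, clumped = burst_profile(stream)
        print(f"{name:8s} cv={cv:.2f} clumped={clumped:.2f} relayed?={looks_relayed(stream)}")
```

The same profile works on keystroke timestamps, but as the thread notes, a keyboard signal only stands out against a large baseline, so compare against the fleet's distribution rather than a fixed number.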

I’m a bit concerned about the non-inquisitive celebration from infosec on this.

Where is the “what does keystroke latency even mean?” Without that, you can’t implement it for yourself, nor can you identify weaknesses.

~3yrs ago I was privately proposing similar options. So, AS SOMEWHAT OF A KEYBOARD EXPERT MYSELF 🤔💅, let’s look…

We used to be a real country. We used to care about kerning.

Ok, this thing is pretty cool.

Embedded Linux with 2.4GHz, 5GHz, & 6GHz radios. Easily replaceable battery. And most importantly, it feels solid in your hands.

Well done Hak5 crew!
Wifi Pineapple Pager is going to become a favorite for a lot of people when the preorders start shipping.

My Darknet Diaries episode is live! Of all the interviews I have done, this is probably the easiest to listen to because @jackrhysider is a great storyteller.

First ~20min is a bio speed run. Then we cover OMG Cable creation & manufacturing challenges. Then some high risk customer stories (targeting US Gov assets, accessing evidence computers, etc). And spend some time on legal risks, ethics, etc.

https://darknetdiaries.com/episode/161/

YT: https://youtu.be/W81oWOf_RiE

Spotify: https://open.spotify.com/episode/7tiHMnD3ejdOqqifdM4RqL

iTunes: https://podcasts.apple.com/us/podcast/darknet-diaries/id1296350485?i=1000716877482

MG – Darknet Diaries

In this episode we talk with MG, the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable. A seemingly ordinary USB cable with extraordinary offensive capabilities.

New episode alert!
Ep 161: MG

https://darknetdiaries.com/episode/161

Every time I travel, I let people charge their devices. Totally harmless.

They never know who I am or what I normally do with USB cables, but maybe one day… 😂

This lady’s phone died a few min into a 5hr flight. I just wanted her to enjoy her time.

Tariff exemptions just dropped for smartphones, computers, etc.

Xi doing the “we aren’t going to bother going past 125%, it’s pointless. this is now a joke” followed immediately by Trump stepping backward by removing tariffs from a big chunk of imports.

The next week is gonna be real interesting…

You might not like it, but this is what peak USA manufacturing looks like!

(I was in the middle of live streaming firmware flashing & panel breaking of some PCBs. But then the house lizard decided to run through the middle of everything.)