How not to fall victim to these badUSB devices?

  • Don’t accept (weird) USB devices or insert them if you don’t know their origins.
  • Use a USB condom, USB dust caps or protector caps, but these things only really help when you leave your devices unattended for VERY short amounts of time.
  • Threatening people with violence when they insert foreign USB devices in your computer is an option but generally frowned upon by HR (yes, this is a joke, don’t use violence!)

But let’s assume that one day someone IS able to plug a badUSB into your computer...

  • Don’t keep passwords in text files on your PC. Use one of the many password managers out there! (Bitwarden, KeePass, LastPass, Proton Pass, …)
  • Only use your admin account for those times you actually need it.
  • Multi-factor authentication is absolutely helpful as malicious actors need more than just your password to do naughty stuff on your account!

How can we detect badUSB abuse?

  • USB forensics is… special and so we shouldn’t always trust its data.
  • Sure, there are some tools out there.
  • More interesting is command line logging, which can be done in multiple ways.
  • It might surprise you that Windows doesn’t really do that out-of-the-box.
  • Things like enabling Constrained Language Mode also help.

Bottom line: defense in depth is key, always.