USB Rubber Ducky attacks explained: Keystroke injection, evasion, and defense

The report explains how USB Rubber Ducky devices masquerade as keyboards to inject keystrokes that can launch PowerShell and other interpreters to exfiltrate data or deploy ransomware while evading traditional signature and behavior-based detection; it emphasizes defensive controls (application allowlisting, ringfencing, device restrictions and blocking unnecessary PowerShell) and describes how ThreatLocker mitigates these attacks.