A real-time endpoint security utility that aggregates automatic hardware event monitoring, immediate keystroke interception, secure input isolation, and randomized multi-digit authorization into a single, high-priority background service.
AntiRD is a lightweight endpoint protection utility for Windows designed to mitigate keystroke injection and BadUSB attacks. Built with PowerShell and a highly optimized AutoHotkey v1.1.37.2 runtime, input hooks are executed with elevated process priority to achieve near-instantaneous blocking, neutralizing high-speed payloads before malicious commands can execute.
BadUSB is a security vulnerability inherent to the USB standard. It allows the firmware of a USB microcontroller (found in flash drives, cables, or power adapters) to be reprogrammed to spoof other device classes. Most commonly, a compromised device masquerades as a Human Interface Device (HID)—such as a keyboard—allowing it to bypass standard endpoint security and execute unauthorized commands.
A USB Rubber Ducky is a specialized keystroke injection tool disguised as a standard USB flash drive. Originally developed for penetration testing, the device emulates a high-speed keyboard to execute pre-configured scripts (payloads) immediately upon connection. It exploits the operating system's implicit trust in Human Interface Devices (HIDs) to compromise a system in a matter of seconds.
Deploy AntiRD immediately using the pre-compiled installer, or build it directly from the source files.
- Download the
AntiRD_Setup.exeinstaller from the latest release. - Execute the installer with Administrator privileges if needed.
- The setup wizard will automatically install the core binaries and configure the boot-time startup shortcut.
- Restart the system to apply the startup configurations and initialize the hardware monitor.
For security purposes, you can verify the integrity of the installer binary using the SHA-256 hash provided in the release notes.
To verify the hash in Windows PowerShell, run:
Get-FileHash .\AntiRD_Setup.exe -Algorithm SHA256- AutoHotkey v1.1.37.2 (specifically the
Ahk2Execompiler tool) - NSIS v3.06 or later (Nullsoft Scriptable Install System)
- Source Preparation: Develop and refine the core security scripts: the PowerShell hardware monitor and the AutoHotkey (inputBlock) input-blocking utility.
- Binary Generation: Compile the AutoHotkey script into a standalone executable (inputBlock.exe) using the official Ahk2Exe compiler.
- Packaging Configuration: Structure the NSIS script to bundle the compiled binary and the PowerShell monitor. Ensure the installer is configured to allocate a shortcut to the PowerShell script inside the Windows Startup directory ($SMSTARTUP) for automated, boot-time protection.
- Installer Compilation: Build the final deployment package using the NSIS compiler to generate the standalone AntiRD_Setup.exe installer.
Icon based on works by Jeremiah and Iconshock:
License: Creative Commons Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
For any details contact the owner of the project on:
- Email: garciavinapablo@gmail.com
- LinkedIn: pablo-garcía-viña