![]() ![]() Malicious file can be coded to do anything you need.Code this file to call back to your server and rely on user running it. Use a regular USB drive containing a malicious file (could be Word document with macro, pe/macho/elf, PDF, chm, etc.). There are many approaches to this, each with their own tradeoffs. The majority of engagements we provide for our clients focus on reporting statistics on how likely their employees are to pick up and plug in a usb device. ![]() ![]() Collect hashes from any user plugging in the malicious USB (when our collection server is reachable over SMB).Monitor and report on USB drives being plugged in using regular USB drives with stock firmware.This post will provide on a tutorial on using desktop.ini with USB drives to: Although it is not our go to option during red teams and social engineering engagements, it can still prove to be a useful tool. USB dropping is one of those famous ‘hacker’ moves from the 2000’s that lives on in infamy. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |