DIY Rubber Ducky clone with a DigiSpark ATTiny85, 2K24 revamp

The DigiSpark ATTiny85 is a compact AVR-based microcontroller board, available for a few bucks on Amazon, which can be programmed to emulate an input device such as a keyboard, making it an interesting alternative to Hak5’s Rubber Ducky. Unfortunately, the board’s vendor discontinued support a few years ago and the official site hosting the configuration package is still offline, so manual installation is the only way to set up the board. Over the years some projects, such as Spence Konde’s ATTinyCore, have tried to fill the void, but installing additional libraries is still required....

April 13, 2024 · 3 min · Me

Click me to the moon: counterfeit invoice archive contains JavaScript dropper and leads to host compromise

Introduction During my daily blue-team operations I stumbled across a lightning-fast infection chain, which all started with a suspicious attachment received via e-mail from a compromised supplier address. Since the installed security solution blocked only the first-stage payload, I took charge of the alerts and decided to deep-dive into and analyze the sample. Analysis The initial access vector is a .zip archive, downloaded from the web, containing the following files:...

October 26, 2023 · 3 min · Me

The dark side of Vimeo: video meta-data contains PowerShell script and leads to host compromise

Introduction During my daily blue-team operations I stumbled across a series of similar infection chains, which all started with an infected thumb drive. Since the installed security solution detected the threat with a generic signature but didn’t block it, I took charge of the alerts and decided to deep-dive into and analyze the sample. Analysis The initial access vector is an infected USB stick, used to transfer files to a copy shop, containing the following files:...

October 10, 2023 · 3 min · Me