The era of Double-Click Execute malware is fading, but the era of Social Engineering via USB is thriving. Attackers rely on your curiosity. They rely on the fact that 67% of users will plug in a lost USB drive they find in a parking lot.
Whether you use MCShield, a custom PowerShell script, or Windows Group Policy lockdowns, the goal remains the same: USB Autorun Detective
Save the following script as USB-HealthCheck.ps1:

param([Parameter(Mandatory)][string]$DriveLetter)  # drive to check, e.g. "E:"

# Build the path to autorun.inf in the root of the drive
$infPath = $DriveLetter + "\autorun.inf"
if (Test-Path -LiteralPath $infPath) {
    Write-Host "[!] Autorun.inf FOUND!" -ForegroundColor Red
    # Print the file as text so it can be reviewed
    Get-Content -LiteralPath $infPath
} else {
    Write-Host "[+] No Autorun.inf detected."
}
Let’s assume you have found a USB stick in the parking lot (NEVER plug an unknown USB into a computer connected to your network). You have an air-gapped "sacrificial" laptop or a Linux live boot.
Originally, Autorun.inf was a legitimate feature. It allowed CD-ROMs to automatically launch installation menus. When applied to USB drives, it allowed for automatic slideshows or portable app launchers. However, the syntax was terrifyingly powerful:
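For the Linux live-boot case above, here is an added triage example (not code from the original page) that reads an autorun.inf purely as text and separates the keys that name something to launch from the ones that only change how the drive is presented. The function names and the sample file are constructed for illustration.

```python
import re

# Keys in [autorun] that name a program or document to launch.
EXEC_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries attach a command to a drive context-menu verb.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
# Keys that only change how the drive is presented to the user.
COSMETIC_KEYS = {"icon", "label", "action"}

# Constructed sample, not taken from a real drive.
SAMPLE = r"""; constructed example
[AutoRun]
open=setup.exe
icon=folder.ico
action=Open folder to view files
shell\open\command=setup.exe
[Other]
open=ignored.exe
"""

def load(path):
    """Read autorun.inf as text only; handles ANSI and UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lowercased."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def triage(text):
    """Label [autorun] entries that execute something or alter presentation."""
    findings = []
    for key, value in parse_autorun(text):
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append(("EXECUTES", key, value))
        elif key in COSMETIC_KEYS:
            findings.append(("COSMETIC", key, value))
    return findings
```

On a mounted drive, `triage(load("/mnt/usb/autorun.inf"))` returns the labelled entries; the mount point here is an assumed path.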