This is clever: find an unlocked Windows computer, pop in a USB and it shows a fake login/lock screen ("hmm, did I lock my PC when I went for a coffee?")
User enters credentials into *your* app & you just stole the username/password. 
https://github.com/Pickfordmatt/SharpLocker …
-
-
-
Indeed,
@keld_norman tweeted on this yesterday. He used a combination of flashdrive and RubberDucky IIRC. Looked into the compiled version of fake LockScreen, uses 80KB ... P4wnP1 us basically able to type it out or ship it via USB mass storage. - Još 4 druga odgovora
Novi razgovor -
-
-
Would be funny to be able to run this on a Mac. I've successfully tricked people with http://fakeupdate.net running a Windows update on a MacBook... ¯\_(ツ)_/¯
- Još 2 druga odgovora
Novi razgovor -
-
-
The only case where this doesn't work is when the malware is unable to compromise the kernel and the user is trained to press ctrl+alt+del on login
- Još 1 odgovor
Novi razgovor -
-
-
The old ones are the best. Did you know that’s why ctrl-alt-del brings up the login window? It’s an untrappable key combination, so you can be sure you’re talking to the OS.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
The attack is well-illustrated in my colleague
@keld_norman's demo video posted yesterday. He modified@Mattspickford's code to exfil encrypted data via DNS. -
Forgot link to the video: https://twitter.com/keld_norman/status/1216740083208015873?s=19 ….
0:37
Kraj razgovora
Novi razgovor -
-
-
Very
@DarknetDiaries! :-)Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.