Forensic

I’ve been banging my head on this one for days. Even pretended the bin file was raw bitmap image without the header, but no joy.
Any hint would be most appreciated.

There exists a commercial product that the title refers to and that is being used in the scenario outline. Look into how that works.

I’m pretty stuck on this too. I didn’t find any commercial tool. Is this about the Ugly Duckling theorem?

Ok, I got a hint on the IRC channel. Thanks!

I’m stuck too, seems to have something to do with the rubber duck ...

It is involved in Rubber Ducky?

I found out what product the title refers to, and was able to get the initial payload. It however simply downloads another executable via powershell and executes that. I have no idea where to go from there, and IRC wasn’t exactly helpful. It’s also not quite clear where/what the password for the challenge is. Any help would be appreciated.

If you got the executable you are almost done, search for text.

Hi There!

1. You should guess that our intruder has used USB Rubber Ducky attack.
2. When you get next-stage executable you should firstly check strings inside it.