Hackers of India

Mareech : Look it’s a HID made up of gold

 Nikhil Mittal 

2011/11/25

Abstract

Ever thought about how malware enters your environment? Through pen drives, drive-bys, JS, malicious attachments, malicious free software, fake antivirus? Not always. Malware can be introduced into your environment using a Human Interface Device. The device for this talk is Teensy, a USB microcontroller that can “type” commands already programmed into it and can be used as a programmable keyboard. This talk details and demonstrates a POC malware which can infect a Windows environment by using the Teensy device. Get deceived by Mareech. Mareech is a combination of Teensy, PowerShell scripts and executables. When attached to a single system in a Windows environment, it propagates to all other Windows machines in the same domain. Pastebin and Google Docs can be used as a Command and Control center for this. Keylogging, TCP shells, ICMP shells, sensitive registry values and password hashes are available with this. The talk will be full of live demonstrations.