This DuckyScript automates the removal of problematic CrowdStrike files causing BSOD on Windows. The script opens PowerShell as an administrator, sets the execution policy to bypass restrictions, checks for specific CrowdStrike files, deletes them if found, and restarts the computer to complete the fix.
On July 19, 2024, a CrowdStrike update caused widespread BSOD issues on Windows systems globally, impacting many organizations, including the ABC, Foxtel, the Commonwealth Bank, and more. This incident affected systems in regions such as EU-1, US-1, US-2, and US-GOV-1, causing massive disruptions across various sectors.
- Prepare the script:
  - Copy the DuckyScript provided below and save it as `CounterCrowdStrike.txt`.
- Load the script onto the device:
  - Load the `CounterCrowdStrike.txt` file onto the USB Rubber Ducky or Flipper Zero.
- Execute the script:
  - Insert the USB Rubber Ducky or Flipper Zero into the target computer.
  - The script will run automatically, performing the necessary actions.