[task #15934] Submission of Drive Badger
From: Tomasz Klim
Subject: [task #15934] Submission of Drive Badger
Date: Thu, 8 Apr 2021 05:08:20 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
URL:
<https://savannah.nongnu.org/task/?15934>
Summary: Submission of Drive Badger
Project: Savannah Administration
Submitted by: tomaszklim
Submitted on: Thu 08 Apr 2021 09:08:18 AM UTC
Should Start On: Thu 08 Apr 2021 12:00:00 AM UTC
Should be Finished on: Sun 18 Apr 2021 12:00:00 AM UTC
Category: Project Approval
Priority: 5 - Normal
Status: None
Privacy: Public
Percent Complete: 0%
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Effort: 0.00
_______________________________________________________
Details:
A new project has been registered at Savannah
This project account will remain inactive until a site admin approves
or discards the registration.
= Registration Administration =
While this item will be useful to track the registration process,
*approving or discarding the registration must be done using the specific
Group Administration
<https://savannah.nongnu.org/siteadmin/groupedit.php?group_id=12137> page*,
accessible only to site administrators,
effectively *logged as site administrators* (superuser):
* Group Administration
<https://savannah.nongnu.org/siteadmin/groupedit.php?group_id=12137>
= Registration Details =
* Name: *Drive Badger*
* System Name: *drivebadger*
* Type: non-GNU software and documentation
* License: GNU General Public License v3 or later (MIT License (for Drive
Badger itself), GNU GPL2 (for Kali Linux))
----
== Description: ==
Drive Badger is a software tool for data exfiltration – which means, for
copying data from the computer to an external USB drive. Unlike many other
tools from the IT security area, it's not a Proof-of-Concept kind of tool,
bringing some groundbreaking techniques. Everything that Drive Badger does can
just as well be run manually, step by step. Instead, what Drive Badger really
does is do it all better, by putting the maximum focus on:
- speed - the whole operation is fully automated, and there are over 340 unique
exclude rules, which reduce the number of files to be copied by eliminating
low-value files and directories from the list, and thus typically save over
95% of the time that would be spent by a "naive" script
- stealth - the whole operation is done below the installed operating system,
so it is totally invisible to the installed security software (anti-virus, DLP,
SIEM, EDR etc.)
- support for drive encryption - Microsoft BitLocker and Apple FileVault
encryption is supported, including automated matching of the keys, given as a
flat list, to particular encrypted partitions
- operator safety - there is no way to distinguish between Drive Badger and
an ordinary Kali Linux Live drive, or to prove the fact of data exfiltration,
until someone knows the proper password (and thanks to the PBKDF2 algorithm,
there is no way to crack it)
So, the real purpose of Drive Badger is to change the economics of covert data
exfiltration attacks (make them more affordable), by reducing the overall risk
of the operation, and also by lowering the entry threshold for the operator,
who no longer needs to have an IT background.
Technically, Drive Badger is a modular framework written in Unix Shell,
running on a modified Kali Linux Live, from a USB drive. What it does is:
- detect all drives, including encrypted drives and network shares
- mount them
- rsync contents (using over 340 exclude rules to speed up)
== Other Software Required: ==
All binary dependencies are present in standard Debian repositories (Drive
Badger doesn't require anything non-free).
The most advanced dependency is Dislocker:
https://packages.debian.org/sid/utils/dislocker
== Other Comments: ==
Full documentation available here:
https://github.com/drivebadger/drivebadger/wiki
== Tarball URL: ==
https://github.com/drivebadger/drivebadger/archive/refs/tags/2021.03.01.tar.gz
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/task/?15934>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/