savannah-register-public

[task #15934] Submission of Drive Badger


From: Tomasz Klim
Subject: [task #15934] Submission of Drive Badger
Date: Thu, 8 Apr 2021 05:08:20 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0

URL:
  <https://savannah.nongnu.org/task/?15934>

                 Summary: Submission of Drive Badger
                 Project: Savannah Administration
            Submitted by: tomaszklim
            Submitted on: Thu 08 Apr 2021 09:08:18 AM UTC
         Should Start On: Thu 08 Apr 2021 12:00:00 AM UTC
   Should be Finished on: Sun 18 Apr 2021 12:00:00 AM UTC
                Category: Project Approval
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
        Percent Complete: 0%
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                  Effort: 0.00

    _______________________________________________________

Details:

A new project has been registered at Savannah
This project account will remain inactive until a site admin approves
or discards the registration.


= Registration Administration =

While this item will be useful to track the registration process,
*approving or discarding the registration must be done using the specific
Group Administration
<https://savannah.nongnu.org/siteadmin/groupedit.php?group_id=12137> page*,
accessible only to site administrators,
effectively *logged as site administrators* (superuser):

* Group Administration
<https://savannah.nongnu.org/siteadmin/groupedit.php?group_id=12137>


= Registration Details =

* Name: *Drive Badger*
* System Name:  *drivebadger*
* Type: non-GNU software and documentation
* License: GNU General Public License v3 or later (MIT License (for Drive
Badger itself); GNU GPL2 (for Kali Linux))

----

== Description: ==
Drive Badger is a software tool for data exfiltration – which means copying
data from a computer to an external USB drive. Unlike many other tools from
the IT security area, it's not a Proof-of-Concept kind of tool, bringing some
groundbreaking techniques. Everything that Drive Badger does can just as well
be run manually, step by step. Instead, what Drive Badger really does is do
it all better, by putting the maximum focus on:

- speed - all operation is fully automated, and there are over 340 unique
exclude rules, which reduce the number of files to be copied by eliminating
low-value files and directories from the list, and thus typically save over
95% of the time that would be spent by a "naive" script
- stealth - all operation is done below the installed operating system, so it
is totally invisible to the installed security software (anti-virus, DLP, SIEM,
EDR etc.)
- support for drive encryption - Microsoft BitLocker and Apple FileVault
encryption is supported, including automated matching of the keys, given as a
flat list, to particular encrypted partitions
- operator safety - there is no way to distinguish between Drive Badger and
an ordinary Kali Linux Live drive, or to prove the fact of data exfiltration,
until someone knows the proper password (and thanks to the PBKDF2 algorithm,
there is no way to crack it)

So, the real purpose of Drive Badger is to change the economics of covert data
exfiltration attacks (make them more affordable), by reducing the overall risk
of the operation, and also by lowering the entry threshold for the operator,
who no longer needs to have an IT background.

Technically, Drive Badger is a modular framework written in Unix Shell,
running on a modified Kali Linux Live, from a USB drive. What it does is:

- detect all drives, including encrypted drives and network shares
- mount them
- rsync contents (using over 340 exclude rules to speed up)



== Other Software Required: ==
All binary dependencies are present in standard Debian repositories (Drive
Badger doesn't require anything non-free).

The most advanced dependency is Dislocker:
https://packages.debian.org/sid/utils/dislocker


== Other Comments: ==
Full documentation available here:
https://github.com/drivebadger/drivebadger/wiki


== Tarball URL: ==
https://github.com/drivebadger/drivebadger/archive/refs/tags/2021.03.01.tar.gz






    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/task/?15934>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/



