URL: <https://savannah.nongnu.org/task/?15934>
Summary: Submission of Drive Badger Project: Savannah Administration Submitted by: tomaszklim Submitted on: Thu 08 Apr 2021 09:08:18 AM UTC Should Start On: Thu 08 Apr 2021 12:00:00 AM UTC Should be Finished on: Sun 18 Apr 2021 12:00:00 AM UTC Category: Project Approval Priority: 5 - Normal Status: None Privacy: Public Percent Complete: 0% Assigned to: None Open/Closed: Open Discussion Lock: Any Effort: 0.00 _______________________________________________________ Details: A new project has been registered at Savannah This project account will remain inactive until a site admin approves or discards the registration. = Registration Administration = While this item will be useful to track the registration process, *approving or discarding the registration must be done using the specific Group Administration <https://savannah.nongnu.org/siteadmin/groupedit.php?group_id=12137> page*, accessible only to site administrators, effectively *logged as site administrators* (superuser): * Group Administration <https://savannah.nongnu.org/siteadmin/groupedit.php?group_id=12137> = Registration Details = * Name: *Drive Badger* * System Name: *drivebadger* * Type: non-GNU software and documentation * License: GNU General Public License v3 or later (MIT License (for Drive Badger itself) GNU GPL2 (for Kali Linux) ) ---- == Description: == Drive Badger is a software tool for data exfiltration – which means, for copying data from the computer to external USB drive. Unlike many other tools from IT security area, it's not a Proof-of-Concept kind of tool, bringing some groundbreaking techniques. Everything, what Drive Badger does, can be as well run manually, step by step. Instead, what Drive Badger really does, is doing it all better, by putting the maximum focus on: - speed - all operation is fully automated, and there are over 340 unique exclude rules, which reduce the amount of files to be copied by eliminating low-value files and directories from the list, and thus save typically over 95% of the time, that would be spent by "naive" script - stealth - all operation is done below the installed operating system, so totally invisible to the installed security software (anti-virus, DLP, SIEM, EDR etc.) - support for drive encryption - Microsoft BitLocker and Apple FileVault encryption is supported, including automated matching the keys given as flat list, to particular encrypted partitions - operator safety - there is no way to distinguish between Drive Badger and ordinary Kali Linux Live drive, or to prove the fact of data exfiltration, until someone knows the proper password (and thanks to PBKDF2 algorithm, there is no way to crack it) So, the real purpose of Drive Badger is to change the economics of covert data exfiltration attacks (make them more affordable), by reducing the overall risk of the operation, and also by lowering the entry threshold for the operator, who no longer needs to have IT background. Technically means, Drive Badger is a modular framework written in Unix Shell, running on modified Kali Linux Live, from USB drive. What it does, is: - detect all drives, including encrypted drives and network shares - mount them - rsync contents (using over 340 exclude rules to speed up) == Other Software Required: == All binary dependencies are present in standard Debian repositories (Drive Badger doesn't require anything non-free). The most advanced dependency is Dislocker: https://packages.debian.org/sid/utils/dislocker == Other Comments: == Full documentation available here: https://github.com/drivebadger/drivebadger/wiki == Tarball URL: == https://github.com/drivebadger/drivebadger/archive/refs/tags/2021.03.01.tar.gz _______________________________________________________ Reply to this item at: <https://savannah.nongnu.org/task/?15934> _______________________________________________ Message sent via Savannah https://savannah.nongnu.org/