Topic: Porcupine - Anti-Forensic tool (beta)
_B0l4_
Newbie
« on: February 06, 2013, 03:02:55 AM »

Hi to all members,
I would like to share a small anti-forensic tool that I wrote over the past few days: https://github.com/t0t3m/Porcupine

In a nutshell this is a software built with int0x80's great presentations at Derbycon 2012 in mind:

Its main goal is to assure a base protection against physical attack vectors like USB pendrives or CD/DVD with forensic/analysis tools.

Please be lenient, it's still a software in beta stage, if not in alpha stage.

Best regards,
_B0l4_

P.S. If it's not the correct place for this sort of thing, I apologize in advance.
P.P.S. It's developed under BackBox, so it should be fully compatible, pyudev apart.
P.P.P.S. At the moment I've only tested USB drives and CD/DVD ROMs

====================================================================================================

Hello everyone,
I would like to share with all of you a small anti-forensic tool that I wrote over the past few days: https://github.com/t0t3m/Porcupine

In short, it is a piece of software inspired by int0x80's excellent presentations at Derbycon 2012:

Its main goal is to provide basic protection against physical attack vectors such as USB pendrives or CD/DVDs with forensic/analysis tools.

Please be lenient, it is still software in beta stage, if not alpha stage.

Best regards,
_B0l4_

P.S. If this is not the right place to post this kind of thing, I apologize in advance.
P.P.S. It was developed on BackBox, so it should be fully compatible, pyudev aside.
P.P.P.S. At the moment I have only been able to test it on USB drives and CD/DVD ROMs
« Last Edit: February 06, 2013, 03:10:43 AM by _B0l4_ »
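A udev-based removable-media monitor of the kind the post describes, as an added example that is not Porcupine's code: it classifies block-device events from udev and only logs an alert when a USB disk is attached or removed or optical media is inserted. It assumes pyudev for the live loop; the property names it reads (DEVTYPE, ID_BUS, ID_CDROM, ID_CDROM_MEDIA, ID_VENDOR, ID_MODEL, ID_SERIAL_SHORT) are standard udev block-device properties, and the sample events are constructed.

```python
import logging

def classify_event(action, props):
    """Map a udev (action, properties) pair to a label, or None if uninteresting."""
    if props.get("ID_CDROM") == "1":
        # Optical drives report media insertion as a "change" carrying ID_CDROM_MEDIA=1.
        if action == "change" and props.get("ID_CDROM_MEDIA") == "1":
            return "optical-media-inserted"
        return None
    # Whole-disk events only: each partition also raises its own "add".
    if props.get("DEVTYPE") == "disk" and props.get("ID_BUS") == "usb":
        if action == "add":
            return "usb-disk-attached"
        if action == "remove":
            return "usb-disk-detached"
    return None

def describe(props):
    """Human-readable identity of the device for the alert line."""
    return "{} {} (serial {})".format(props.get("ID_VENDOR", "?"),
                                      props.get("ID_MODEL", "?"),
                                      props.get("ID_SERIAL_SHORT", "?"))

def scan(events):
    """Classify a sequence of (action, props) pairs; return the alerts raised."""
    alerts = []
    for action, props in events:
        label = classify_event(action, props)
        if label:
            alerts.append((label, describe(props)))
    return alerts

def monitor_forever():
    """Live monitor; pyudev is imported here so the logic above stays udev-free."""
    import pyudev  # assumption: pyudev >= 0.18 (device.properties mapping)
    mon = pyudev.Monitor.from_netlink(pyudev.Context())
    mon.filter_by("block")
    mon.start()
    for dev in iter(mon.poll, None):  # blocks until the next netlink event
        for label, ident in scan([(dev.action, dev.properties)]):
            logging.warning("%s: %s at %s", label, ident, dev.device_node)

# Constructed sample events (not a real capture) covering the handled cases.
SAMPLE_EVENTS = [
    ("add", {"DEVTYPE": "disk", "ID_BUS": "usb", "ID_VENDOR": "ACME",
             "ID_MODEL": "Pendrive", "ID_SERIAL_SHORT": "0123ABCD"}),
    ("add", {"DEVTYPE": "partition", "ID_BUS": "usb"}),  # ignored: partition
    ("change", {"DEVTYPE": "disk", "ID_CDROM": "1", "ID_CDROM_MEDIA": "1"}),
    ("add", {"DEVTYPE": "disk", "ID_BUS": "ata"}),       # ignored: internal
]
```

Run `scan(SAMPLE_EVENTS)` to see the two alerts the samples produce; `monitor_forever()` needs a udev host and pyudev.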
raffaele
Administrator
« Reply #1 on: February 06, 2013, 07:42:34 PM »

Thanks!

Thanks for sharing

raffaele@backbox:~$ Get root or die tryin'
ZEROF
Global Moderator
« Reply #2 on: February 06, 2013, 08:56:44 PM »

Thank you for sharing with us.

Cheers !

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*
Stolas
Newbie
« Reply #3 on: February 07, 2013, 12:51:38 PM »

Some tips for future releases:
  • Add dmesg wipe
  • Add $HISTFILE wipe or nullify
  • Don't forget about other log files
  • Maybe a way to easily insert rootkits to annoy forensic teams

Just some thoughts.

Whenever you think you can or can't, you're right.
_B0l4_
Newbie
« Reply #4 on: February 08, 2013, 01:21:18 PM »

Some tips for future releases:
  • Add dmesg wipe
  • Add $HISTFILE wipe or nullify
  • Don't forget about other log files
  • Maybe a way to easily insert rootkits to annoy forensic teams

Just some thoughts.


Thanks for the suggestions, I'll implement the first two as soon as possible.
Also, the 3rd point of the list is something I was thinking about yesterday.

About rootkits, I'll have to think about it. At the moment, I have no idea how to do it.

Edit: Added:
  • Purge dmesg pipe through dmesg -C and deletion of all /var/log/dmesg* files through the shred Linux command
  • Deletion of the .bash_history file of the current user through the shred Linux command
« Last Edit: February 08, 2013, 05:50:11 PM by _B0l4_ »
Stolas
Newbie
« Reply #5 on: March 13, 2013, 02:39:02 PM »

Read "Designing BSD Rootkits" and you'll know.
Have a look at some VX webpages like vxheavens; a lot of info can be found easily.

Whenever you think you can or can't, you're right.