Author Topic: Porcupine - Anti-Forensic tool (beta)  (Read 7172 times)

_B0l4_

  • Newbie
  • Posts: 6
on: February 06, 2013, 03:02:55 AM
Hi to all members,
I would like to share a small anti-forensic tool that I wrote over the past few days: https://github.com/t0t3m/Porcupine

In a nutshell this is a software built with int0x80's great presentations at Derbycon 2012 in mind:

Its main goal is to ensure basic protection against physical attack vectors like USB pen drives or CD/DVDs with forensic/analysis tools.

Please be lenient, it's still software in beta stage, if not alpha stage.

Best regards,
_B0l4_

P.S. If this is not the correct place for this sort of thing, I apologize in advance.  ;D
P.P.S. It's developed under BackBox, so it should be fully compatible, pyudev apart.
P.P.P.S. At the moment I've only tested USB drives and CD/DVD ROMs.

====================================================================================================

Hello everyone,
I would like to share with all of you a small anti-forensic tool that I wrote over the past few days: https://github.com/t0t3m/Porcupine

In short, it is a piece of software inspired by int0x80's excellent presentations at Derbycon 2012:

Its main goal is to ensure basic protection against physical attack vectors such as USB pen drives or CD/DVDs with forensic/analysis tools.

Please be lenient, it is still software in beta stage, if not alpha stage.

Best regards,
_B0l4_

P.S. If this is not the right place to post this kind of thing, I apologize in advance.  ;D
P.P.S. It was developed on BackBox, so it should be fully compatible, pyudev aside.
P.P.P.S. So far I have only been able to test USB drives and CD/DVD ROMs.
« Last Edit: February 06, 2013, 03:10:43 AM by _B0l4_ »



raffaele

  • Administrator
  • Hero Member
  • Posts: 507
Reply #1 on: February 06, 2013, 07:42:34 PM
Thanks!

Thanks for sharing ;)

raffaele@backbox:~$ Get root or die tryin'


ZEROF

  • Hero Member
  • Posts: 1247
Reply #2 on: February 06, 2013, 08:56:44 PM
Thank you for sharing with us.

Cheers !


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


Stolas

  • Newbie
  • Posts: 45
Reply #3 on: February 07, 2013, 12:51:38 PM
Some tips for future releases:
  • Add dmesg wipe
  • Add $HISTFILE wipe or nullify
  • Don't forget about other log files
  • Maybe a way to easily insert rootkits to annoy forensic teams

Just some thoughts.

Whenever you think you can or can't, you're right.


_B0l4_

  • Newbie
  • Posts: 6
Reply #4 on: February 08, 2013, 01:21:18 PM
Some tips for future releases:
  • Add dmesg wipe
  • Add $HISTFILE wipe or nullify
  • Don't forget about other log files
  • Maybe a way to easily insert rootkits to annoy forensic teams

Just some thoughts.


Thanks for the suggestions, I'll implement the first two as soon as possible.  ;D
Also, the 3rd point of the list is something I was thinking about yesterday.

About rootkits, I'll have to think about it. At the moment, I have no idea how to do it.  :(

Edit: Added:
  • Purge of the dmesg pipe through dmesg -C and deletion of all /var/log/dmesg* files through the shred Linux command
  • Deletion of the .bash_history file of the current user through the shred Linux command
« Last Edit: February 08, 2013, 05:50:11 PM by _B0l4_ »
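As an added, defender-side example that is not part of Porcupine or of this thread: a small Python checker that flags the three actions listed in the edit above (dmesg -C, shredding of /var/log/dmesg* files, shredding of .bash_history) in auditd-style EXECVE records, so an analyst can spot when such a tool has fired. The audit lines are constructed samples, and the argument quoting is simplified (real auditd hex-encodes arguments containing spaces).

```python
"""Flag the anti-forensic actions described in the thread in auditd EXECVE records."""
import re
from fnmatch import fnmatch

# Constructed sample records in auditd EXECVE format (not real captures).
SAMPLE_AUDIT_LINES = [
    'type=EXECVE msg=audit(1360290000.101:501): argc=2 a0="dmesg" a1="-C"',
    'type=EXECVE msg=audit(1360290000.102:502): argc=4 a0="shred" a1="-u" a2="-z" a3="/var/log/dmesg.0"',
    'type=EXECVE msg=audit(1360290000.103:503): argc=3 a0="shred" a1="-u" a2="/home/user/.bash_history"',
    'type=EXECVE msg=audit(1360290000.104:504): argc=2 a0="dmesg" a1="-T"',
    'type=EXECVE msg=audit(1360290000.105:505): argc=2 a0="shred" a1="/tmp/scratch.bin"',
]

# Matches aN="value" pairs; simplified (no hex-encoded arguments).
ARG_RE = re.compile(r'\ba(\d+)="((?:[^"\\]|\\.)*)"')

# Paths whose shredding is a strong anti-forensic signal (from the thread).
SENSITIVE_GLOBS = ("/var/log/dmesg*", "*/.bash_history")

def parse_execve(line):
    """Return the argv of an EXECVE record as a list (empty if not EXECVE)."""
    if "type=EXECVE" not in line:
        return []
    args = {int(i): v for i, v in ARG_RE.findall(line)}
    return [args[i] for i in sorted(args)]

def classify(argv):
    """Map one argv to a finding string, or None if it matches no rule."""
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]
    opts = argv[1:]
    # dmesg -C/--clear empties the kernel ring buffer; -c/--read-clear reads then clears.
    # Legitimate admins also do this, so treat it as a signal to correlate, not a verdict.
    if prog == "dmesg" and any(o in ("-C", "--clear", "-c", "--read-clear") for o in opts):
        return "kernel ring buffer cleared"
    if prog == "shred":
        for a in opts:
            if any(fnmatch(a, g) for g in SENSITIVE_GLOBS):
                return f"log/history file shredded: {a}"
    return None

def flag_antiforensic(lines):
    """Return [(audit_serial, finding)] for every record that matches a rule."""
    findings = []
    for line in lines:
        finding = classify(parse_execve(line))
        if finding:
            m = re.search(r"audit\([^)]*:(\d+)\)", line)
            findings.append((m.group(1) if m else "?", finding))
    return findings

if __name__ == "__main__":
    for serial, finding in flag_antiforensic(SAMPLE_AUDIT_LINES):
        print(serial, finding)
```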



Stolas

  • Newbie
  • Posts: 45
Reply #5 on: March 13, 2013, 02:39:02 PM
Read "Designing BSD Rootkits" and you'll know.
Have a look at some VX web pages like vxheavens; a lot of info can be found easily. :)

Whenever you think you can or can't, you're right.