Porcupine - Anti-Forensic tool (beta)

Started by _B0l4_, February 06, 2013, 03:02:55 AM


_B0l4_

Hi to all members,
I would like to share a small anti-forensic tool that I wrote in the last few days: https://github.com/t0t3m/Porcupine

In a nutshell this is a software built with int0x80's great presentations at Derbycon 2012 in mind:

Its main goal is to assure a base protection against physical attack vectors like USB pendrives or CD/DVD with forensic/analysis tools.

Please be lenient, it's still a software in beta stage, if not in alpha stage.

Best regards,
_B0l4_

P.S. If it's not the correct place for this sort of thing, I apologize in advance.  ;D
P.P.S. It's developed under BackBox, so it should be fully compatible, pyudev apart.
P.P.P.S. At the moment I've only tested USB drives and CD/DVD ROMs.


raffaele

raffaele@backbox:~$ Get root or die tryin'

ZEROF


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

Stolas

Some tips for future releases:

  • Add dmesg wipe
  • Add $HISTFILE wipe or nullify
  • Don't forget about other log files
  • Maybe a way to easily insert rootkits to annoy forensic teams

Just some thoughts.
Whenever you think you can or can't, you're right.

_B0l4_

Quote from: Stolas on February 07, 2013, 12:51:38 PM
Some tips for future releases:

  • Add dmesg wipe
  • Add $HISTFILE wipe or nullify
  • Don't forget about other log files
  • Maybe a way to easily insert rootkits to annoy forensic teams

Just some thoughts.


Thanks for the suggestions, I'll implement the first two as soon as possible.  ;D
Also the 3rd point of the list is something that I was thinking about yesterday.

About rootkits, I'll have to think about it. At the moment, I have no idea how to do it.  :(

Edit: Added:

  • Purge of the dmesg buffer through dmesg -C and deletion of all /var/log/dmesg* files through the shred Linux command
  • Deletion of the .bash_history file of the current user through the shred Linux command
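The three actions listed in the edit above leave a recognisable footprint on a host. As an added example (not part of Porcupine or of this thread), the following script checks a filesystem snapshot for exactly those traces: an empty kernel ring buffer, no /var/log/dmesg* files, and a missing or zero-byte ~/.bash_history. All paths and log lines are constructed in a temporary directory; `make_constructed_host` and `find_indicators` are names chosen here, not tool APIs.

```python
"""Check a host snapshot for traces of dmesg -C, shredded /var/log/dmesg* and a
shredded/nullified ~/.bash_history. Constructed example, not Porcupine code."""
from __future__ import annotations
import tempfile
from pathlib import Path


def find_indicators(var_log: Path, home: Path, dmesg_output: str) -> list[str]:
    """Return indicator strings; an empty list means nothing suspicious was seen."""
    findings: list[str] = []
    # dmesg -C empties the kernel ring buffer; a booted kernel never has it empty.
    if not dmesg_output.strip():
        findings.append("kernel ring buffer is empty (dmesg -C?)")
    # A normal install keeps at least /var/log/dmesg; shred + unlink leaves none.
    if not any(p.name.startswith("dmesg") for p in var_log.iterdir()):
        findings.append("no /var/log/dmesg* files present")
    hist = home / ".bash_history"
    if not hist.exists():
        findings.append("~/.bash_history missing (shredded?)")
    elif hist.stat().st_size == 0:
        findings.append("~/.bash_history truncated to zero bytes (nullified?)")
    return findings


def make_constructed_host(wiped: bool) -> tuple[Path, Path, str]:
    """Build a throwaway directory tree standing in for a host (constructed data).
    wiped=True mimics the state left by the three actions described in the post."""
    root = Path(tempfile.mkdtemp(prefix="porcupine-check-"))
    var_log, home = root / "var" / "log", root / "home" / "user"
    var_log.mkdir(parents=True)
    home.mkdir(parents=True)
    ring = "[0.000000] Linux version 3.2.0 (constructed)\n[12.3] usb 1-1: new device\n"
    if wiped:
        (home / ".bash_history").write_text("")  # nullified history, no dmesg files
        return var_log, home, ""  # ring buffer after dmesg -C
    (var_log / "dmesg").write_text(ring)
    (home / ".bash_history").write_text("ls\nsudo apt-get update\n")
    return var_log, home, ring


if __name__ == "__main__":
    for state in (False, True):
        label = "wiped" if state else "clean"
        print(label, find_indicators(*make_constructed_host(state)))
```

On a live host you would pass `Path("/var/log")`, `Path.home()` and the output of `dmesg` instead of the constructed tree.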

Stolas

Read "Designing BSD Rootkits" and you'll know.
Have a look at some VX webpages like vxheavens; a lot of info can be found easily. :)
Whenever you think you can or can't, you're right.