DOE AGORA Qualquer valor

Marcadores

USB Anti Forensic Tool: usbdeath


USB Anti Forensic Tool

anti-forensic tool that writes udev rules for known usb devices and do some things at unknown usb device insertion or specific usb device removal.  usbdeath is a small script inspired by usbkill, “an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer”. The main differences are:
  • it is written in bash, so literally anyone with basic programming skills could read through the code and audit it
  • it is not a daemon, just a rule file manipulation script, all monitoring stuff are done by existing udev daemon
  • it uses more identification values for usb devices (if usb device has these values) such as name and serial number

Config

You should change some options inside the script. Specifically, turn off safe (demo) mode and edit trigger commands (default aresync and poweroff).

Usage

usbdeath action
where action is:
oon – activate usbdeath
xoff – temporarily deactivate usbdeath
jeject – add entry on eject event
ggen – generate or refresh whitelist udev rules file
ddel – delete udev rules file
ttrigger – trigger event on insertion or removal
eedit – edit udev rules file manually
sshow – show currently connected usb devices
You should probably put this script in PATH and do not move it after activation, as rules file relies on absolute path to script. You can change this behavior in advanced config section of script though.

Examples

Check out connected usb devices
usbdeath show
First run, generate whitelist of connected usb devices
usbdeath on
Also add event on ejection of specific usb device, just choose one from the list
usbdeath eject
So usbdeath rules are active. You need to insert new trusted usb device, temporarily turn off usbdeath
usbdeath off
You decide to permanently add newly inserted device(s) to whitelist
usbdeath gen
And activate usbdeath rules again
usbdeath on
You are so badass that you can edit udev rules file manually
usbdeath edit
You messed up with editing or something went wrong, you decide to delete rules file and start over
usbdeath del

Dependencies

bash
modern linux os with udev and probably systemd

USB Anti Forensic Tool: usbdeath Download
RATE HERE
Ease Of Use
72%
Features
66%
Value
58%
Overall Rating
77%
68%
14 RATINGS
OWND
5%
COOL
74%
NICE
5%
WHAT ?
0%
MEH
5%
ZZZZZZZ
5%
RAGE
5%
Enviar esta postagem
Marcadores:

Comentários

Postar um comentário

Ebook

Postagens mais visitadas