Information
ID: 552
PHID: PHID-TASK-7cpymfz5exa5qmmmjjiz
Author: HulaHoop
Status at Migration Time: open
Priority at Migration Time: Wishlist
Description
USBKill (GPL licensed) is a really cool anti-forensics script written in the aftermath of the SilkRoad trial. Its purpose is to trigger protection events that prevent adversaries from siphoning files/installing malware/running a mouse jiggler. It creates a whitelist of allowed USB devices; anything else plugged into the machine causes it to erase its RAM and immediately shut down. This can be adjusted to exclude all devices.
It can also be used in reverse, with a whitelisted flash drive in the USB port attached to the user’s wrist via a lanyard serving as a key. In this instance, if the flash drive is forcibly removed, the program will initiate the desired routines.
GitHub - hephaest0s/usbkill: « usbkill » is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
Packaging USBKill for Debian · Issue #75 · hephaest0s/usbkill · GitHub - RFP
Package killer for Debian · Issue #31 · Lvl4Sword/Killer · GitHub - RFP
https://7io.net/2015/07/02/python-usbkill-anti-forensic-usb-killswitch/#more-201
Overlaps with T905.
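The two checks described in this task (an unlisted device appearing, and a required "key" device disappearing) can be sketched as follows. This is an added example, not USBKill's code and not part of the original task; the `vendor:product` ID strings, the function names and the `on_trigger` callback (standing in for the RAM wipe and shutdown) are assumptions.

```python
from collections import Counter

# Constructed sample IDs ("vendor:product"), not real hardware.
WHITELIST = {"aaaa:0001": 1, "aaaa:0002": 1, "aaaa:0003": 1}  # ID -> max count
KEY_DEVICES = ["aaaa:0003"]  # lanyard flash drive that must stay attached


def check_usb_state(connected, whitelist, required=()):
    """Return reasons to trigger; an empty list means the state is acceptable."""
    seen = Counter(connected)
    reasons = []
    # Anything not whitelisted, or more copies of an ID than allowed.
    for dev_id, count in sorted(seen.items()):
        allowed = whitelist.get(dev_id, 0)
        if count > allowed:
            reasons.append(f"unexpected {dev_id} (seen {count}, allowed {allowed})")
    # Reverse mode: a required device has gone missing.
    for dev_id in required:
        if seen[dev_id] == 0:
            reasons.append(f"required {dev_id} removed")
    return reasons


def monitor(snapshots, whitelist, required=(), on_trigger=None):
    """Check successive port snapshots; stop at the first violation."""
    for index, connected in enumerate(snapshots):
        reasons = check_usb_state(connected, whitelist, required)
        if reasons:
            if on_trigger is not None:
                on_trigger(reasons)  # assumption: caller supplies the response
            return index, reasons
    return None, []


if __name__ == "__main__":
    snapshots = [
        ["aaaa:0001", "aaaa:0002", "aaaa:0003"],  # normal
        ["aaaa:0001", "aaaa:0002"],               # key pulled
    ]
    print(monitor(snapshots, WHITELIST, KEY_DEVICES, on_trigger=print))
```

Passing an empty whitelist gives the "exclude all devices" behaviour: every attached device is reported.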
Comments
HulaHoop
2020-01-07 16:51:00 UTC