Page MenuHomePhorge

Packaging USBKill
Open, WishlistPublic


USBKill (GPL licensed) is a really cool anti-forensics script written in the aftermath of the SilkRoad trial. Its purpose is to trigger protection events that prevents adversaries from siphoning files/installing malware/running a mouse jiggler. It creates a USB whitelist of allowed devices of which anything else plugged into the machine causes it to erase its RAM and immediately shutdown. This can be adjusted to exclude all devices.

It can also be used in reverse, with a whitelisted flash drive in the USB port attached to the user's wrist via a lanyard serving as a key. In this instance, if the flash drive is forcibly removed, the program will initiate the desired routines. - RFP - RFP

Overlaps with T905.



Event Timeline

An interesting product that triggers a system wipe if the cable is pulled:

Of course it is too risky and very likely to create a false positive. May risk the cable being backdoored in a waterhole attack if it requires a tailored hardware product to work.