Page MenuHomePhabricator

Packaging USBKill
Open, WishlistPublic

Description

USBKill (GPL licensed) is a really cool anti-forensics script written in the aftermath of the SilkRoad trial. Its purpose is to trigger protection events that prevents adversaries from siphoning files/installing malware/running a mouse jiggler. It creates a USB whitelist of allowed devices of which anything else plugged into the machine causes it to erase its RAM and immediately shutdown. This can be adjusted to exclude all devices.

It can also be used in reverse, with a whitelisted flash drive in the USB port attached to the user's wrist via a lanyard serving as a key. In this instance, if the flash drive is forcibly removed, the program will initiate the desired routines.


github.com/hephaest0s/usbkill
github.com/hephaest0s/usbkill/issues/75 - RFP

https://github.com/Lvl4Sword/Killer
https://github.com/Lvl4Sword/Killer/issues/31 - RFP

https://en.wikipedia.org/wiki/USBKill
https://7io.net/2015/07/02/python-usbkill-anti-forensic-usb-killswitch/#more-201

Overlaps with T905.

Details

Impact
Normal