
Packaging USBKill
Open, Wishlist, Public

Description

USBKill (GPL licensed) is a really cool anti-forensics script written in the aftermath of the Silk Road trial. Its purpose is to trigger protection events that prevent adversaries from siphoning files/installing malware/running a mouse jiggler. It creates a USB whitelist of allowed devices; anything else plugged into the machine causes it to erase its RAM and immediately shut down. This can be adjusted to exclude all devices.

It can also be used in reverse, with a whitelisted flash drive in the USB port attached to the user's wrist via a lanyard serving as a key. In this instance, if the flash drive is forcibly removed, the program will initiate the desired routines.


github.com/hephaest0s/usbkill
github.com/hephaest0s/usbkill/issues/75 - RFP

https://github.com/Lvl4Sword/Killer
https://github.com/Lvl4Sword/Killer/issues/31 - RFP

https://en.wikipedia.org/wiki/USBKill
https://7io.net/2015/07/02/python-usbkill-anti-forensic-usb-killswitch/#more-201

Overlaps with T905.
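
The two trigger conditions described above (a non-whitelisted device appearing, or a whitelisted "key" device being pulled) reduce to set comparisons on each poll of the USB bus. The sketch below is an added example, not USBKill's or Killer's own code; the names UsbPolicy, evaluate and first_trigger and all device IDs are assumptions made for illustration, and it only returns a decision instead of wiping or shutting anything down.

```python
from dataclasses import dataclass

# Hypothetical policy model (not USBKill's config format).
# Caveat: vendor:product IDs are self-reported by the device, so a match
# against the whitelist is a tripwire, not authentication of the hardware.
@dataclass(frozen=True)
class UsbPolicy:
    whitelist: frozenset               # vendor:product IDs allowed on the bus
    required: frozenset = frozenset()  # "key" devices that must stay plugged in

def evaluate(policy, present):
    """Check one poll of the bus; return a list of (reason, device_id)."""
    present = set(present)
    allowed = policy.whitelist | policy.required
    violations = [("unknown_device", d) for d in sorted(present - allowed)]
    violations += [("key_removed", d) for d in sorted(policy.required - present)]
    return violations

def first_trigger(policy, snapshots):
    """Return (poll_index, violations) for the first violating poll, else None."""
    for index, present in enumerate(snapshots):
        violations = evaluate(policy, present)
        if violations:
            return index, violations
    return None

# Constructed sample data: made-up IDs, not real hardware.
KEYBOARD, LANYARD_KEY, STRANGER = "aaaa:0001", "bbbb:0002", "cccc:0003"
POLICY = UsbPolicy(frozenset({KEYBOARD}), frozenset({LANYARD_KEY}))
INSERTION = [{KEYBOARD, LANYARD_KEY}, {KEYBOARD, LANYARD_KEY, STRANGER}]
REMOVAL = [{KEYBOARD, LANYARD_KEY}, {KEYBOARD, LANYARD_KEY}, {KEYBOARD}]
LOCKED_DOWN = UsbPolicy(frozenset())   # whitelist that excludes all devices

if __name__ == "__main__":
    print(first_trigger(POLICY, INSERTION))          # unknown device on poll 1
    print(first_trigger(POLICY, REMOVAL))            # key pulled on poll 2
    print(first_trigger(LOCKED_DOWN, [{KEYBOARD}]))  # any device trips at poll 0
```

Anything that happens between two polls is invisible to this kind of check, so the polling interval bounds how quickly a violation is noticed.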

Details

Impact
Normal

Event Timeline

An interesting product that triggers a system wipe if the cable is pulled:

https://www.schneier.com/blog/archives/2020/01/usb_cable_kill_.html

Of course it is too risky and very likely to create a false positive. May risk the cable being backdoored in a waterhole attack if it requires a tailored hardware product to work.