It's a platform for data exfiltration, which means copying data from someone's computer or mobile device to an external USB drive, mostly without the knowledge or consent of the owner.
2. Why use Drive Badger at all? This can be done manually...
That's true. Drive Badger is not a bag of 0-day exploits or anything similar. It just automates the whole exfiltration process: to speed it up, to prevent typical user mistakes, and to add some additional security measures to protect operators caught in the act. See the details.
3. Can I exfiltrate devices with encrypted hard drives?
Why Drive Badger?
Thanks to over 400 unique exclusion rules, Drive Badger reduces the number of files to be copied by eliminating low-value files and directories from the list, typically saving over 95% of the time.
The whole operation is done below the installed operating system, so it is totally invisible to the installed security software (anti-virus, DLP, SIEM, EDR etc.), and to Windows itself.
Being in the IT security business for almost 25 years, I realized that breaking protections (or preventing it) is becoming less and less important. We are not living in Outlook Express times anymore...
The key point is the ability to keep the privileges permanent, once obtained.
This becomes more and more difficult as IT systems get more and more complicated - and this is exactly the goal of the Drive Badger project: to give non-ITSEC people the ability to keep either the privileges, or the outcome of the successful break-in.