Drive Badger: open source platform for covert data exfiltration operations, ranging from small computers to big servers.

Just to be sure: do you represent an eligible entity? Please read this page before you may need the procedure below.

Sometimes, even though the current operation is legal, you would like to hide its details. The exact reason is up to you. With Drive Badger this is possible, as long as you follow the procedure and prevention methods below.

What if I get caught in the action?

  1. Do whatever is possible to either turn off the computer or disconnect the USB drive with Drive Badger.

    The persistent partition is encrypted to protect exfiltrated data from being accessed by any third party - but also to protect you from being proven guilty of data exfiltration, industrial espionage etc. There is no way to distinguish between Drive Badger and ordinary Kali Linux, or to prove the fact of data exfiltration, unless:

    • someone knows the proper LUKS password (remember about
    • you are caught in the act (including after the attack has finished, but while the computer is still running)
    • you use the non-encrypted persistent partition (it is required for some old platforms)
  2. You will still need to find a good explanation of why you tried to run Kali Linux Live on someone's computer without even asking for permission.

Preventing password leaks

  1. First of all, use encrypted persistent partitions wherever possible. Keeping some spare Drive Badger devices to handle old computers should be the exception - under normal circumstances you should always encrypt everything.

  2. Use different passwords:

    • at least a different one for each person you want to give access to - and different ones for any scripts in which you plan to hardcode passwords
    • preferably a different one for each single drive (if that is too complicated, use a password scheme per drive, e.g. P0lic3Dr1v3S@msungG0ld, P0lic3Dr1v3S@msungR3d, P0lic3Dr1v3S@nd1skPr0)
    • remember that LUKS has 8 parallel password slots - so you can define different passwords for multiple operators working with the same drive
  3. Use good passwords: strong, but easy for attack operators to remember.

  4. Give passwords only to people you trust enough (in both their intentions and their carefulness).

  5. Use a password manager (e.g. KeePass) to store passwords. Avoid writing them on paper - and if you have to, write the password and the other details on separate pieces of paper.

  6. Don't put any labels on your drives.

  7. When entering the password, make sure that no one is watching your keyboard.

  8. Avoid USB hardware keyloggers: if possible, check the keyboard cable for any suspicious-looking devices, e.g. adapters or cable extensions that aren't justified by the distance between the keyboard and the computer. If you have doubts, disconnect the keyboard and use a different one. Also, avoid wireless keyboards.

From the founder...

Having been in the IT security business for almost 25 years, I have realized that breaking protections (or preventing it) is becoming less and less important. We are not living in Outlook Express times anymore...
The key point is the ability to keep the privileges permanent once obtained. This becomes more and more difficult as IT systems get more and more complicated - and this is exactly the goal of the Drive Badger project: to give non-ITSEC people the ability to keep either the privileges or the outcome of a successful break-in.