Roadmap

Tomasz Klim edited this page May 13, 2022 · 19 revisions

Our plans for the near future

Do you want any of the features below? Sponsor us...

Gathering information

Finish update to the latest version of Kali Linux

Support for disk encryption schemes

  • HFS+ (older Mac OS)
  • ESET Endpoint Encryption (previously DESlock)
  • McAfee Drive Encryption

Support for more disk partitioning schemes

  • FreeBSD
  • possibly other *BSD
  • AIX

Support for RAID and network filesystems

  • is it possible to assemble and exfiltrate filesystems spanning multiple drives/hosts, based on the discovered data?
  • RAID 5/6/...
  • ZFS/btrfs, possibly with encryption support
  • MooseFS, Ceph, GlusterFS etc.

Support for 802.1X

  • look for 802.1X certificate files and passwords
  • try to connect to protected networks
  • postpone executing all other hooks until all drives are processed

Support for secured-core PC architecture

Support for hardware keys/modules and other mixed encryption methods

  • first, research what is really possible and usable in real-life scenarios
  • TPM modules
  • U2F keys (Yubikey, Google Titan etc.)
  • smart cards
  • biometric devices
  • HSM modules
  • Bitlocker PIN codes
  • VeraCrypt keyfiles (alone or mixed with passwords)
  • LUKS keyfiles

New hooks (if the described functionality is possible)

existing hook-wcxftp
  • rewrite Python 2.x-based code to Python 3 (or PHP)
ssh keys
  • scan for ~/.ssh/id_rsa or other ssh private keys (parse ~/.ssh/config)
  • parse .bash_history and .zsh_history for connections using keys
  • try to find frameworks like Ansible and parse their configuration
  • use preconfigured keys from repository
  • finally, try to exfiltrate other machines via ssh
passwords
  • look for user passwords saved in browsers (Firefox, Chrome etc.)
  • look for ftp/sftp passwords from other programs
  • look for remote MySQL/Postgres/Mongo/other credentials, to "back up" them similarly to sf-backup
others
  • try to adapt DonPAPI
  • look for Windows password files
  • is it possible to extract SMB share credentials from Windows?
    • how about AD environment?
    • how about standalone Windows + Samba server?
    • either mapped to drive letter or not, but still available to open without password
    • mapped to drive letter using separate credentials

Fixes for known problems

  • properly recognize drive serial numbers behind RAID controllers

Management and reporting

  • deployment-scripts: support at least for Raspberry Pi with Raspbian
  • try to unify event logging between Drive Badger and Mobile Badger

Custom, preconfigured Drive Badger ISO images

  • online ISO setup via admin panel, then build, download, and deploy using Rufus
  • goal: no need to use Linux at all (at least during setup stage)

Mobile Badger as additional "feature" for embedded devices

  • scripts for repacking external firmware (at least those based on Debian or its derivatives, and provided as ISO images, e.g. this one)

Integration with forensic analysis tools

  • scripts preparing automatic imports to Magnet AXIOM, Paraben E3, FTK Forensic Toolkit and Autopsy
  • research into Oxygen Forensic Detective and Belkasoft Evidence Center X

Standalone reporting server