Drive Badger: open source platform for covert data exfiltration operations, ranging from small computers to big servers.

The main Drive Badger advantage over ad-hoc exfiltration scripts is a set of over 400 unique exclusion rules, which reduce the amount of files to be copied by eliminating low-value files and directories from the list, thus save typically over 95% of the time, that would be spent by "naive" script - eg. Windows system files.

Thanks to these rules, the whole exfiltration operation of typical office computer takes usually below 2 minutes.

That's just speed advantage. Check also other advantages of Drive Badger.

Functional groups

All rules are divided into a few functional groups. Each group can be configured on Drive Badger or Mobile Badger devices separately from others:

  • exclude-windows - exclude Windows system files, drivers, popular OEM software, PDF readers, standard office applications (Firefox, Thunderbird, LibreOffice) and other irrelevant stuff
  • exclude-linux - exclude Linux system directories
  • exclude-macos - exclude Mac OS system directories
  • exclude-antivirus - exclude virus databases and other similar, completely irrelevant files
  • exclude-software - exclude irrelevant files related to various common software (popular, but installed rather individually)
  • exclude-devel - exclude irrelevant, software development-related files
  • exclude-user - exclude irrelevant, user-related files: multimedia (except photos), games, caches, telemetry etc.
  • exclude-erp - exclude ERP systems installation files

Technical details

The actual exfiltration process is realized using rsync tool, with parameters --exclude-from for each group.

Each functional group is maintained as separate Git repository, containing exclude.list file. All repositories listed above are maintained as a part od Drive Badger project, so you can rely on their timeliness and quality.

You can fork each of these repositories and maintain these forks on your own. You can even create completely new sets of rules, and use them on your Drive Badger / Mobile Badger devices.

From the founder...

Being in IT security business for almost 25 years, I realized, that breaking protections (or preventing it) is becoming less and less important. We are not living in Outlook Express times anymore...
The key point is the ability to keep the privileges permanent, once obtained. This becomes more and more difficult, as IT systems get more and more complicated - and this is exactly the goal of Drive Badger project: to give non-ITSEC people the ability to keep either the privileges, or the outcome of the successful break-in.