Inspiration
Caetra (/kaˈetɾa/) was the shield used by Iberian
A better version (I hope) of CanaryUSB
What it does
Caetra uses eBPF (extended Berkeley Packet Filter) to try to secure a Linux machine against physical threats, such as implant installation or BadUSB usage, or at least to make the owner aware of a potential attack. It does this by monitoring kernel kprobes related to hardware interactions, such as attaching a USB device, detaching an HID, or unplugging the laptop from its power source. It uses the BPF Compiler Collection (BCC) for the kernel tracing and manipulation program.
To notify the user or the people responsible for cybersecurity, Caetra currently uses Thinkst Canary and/or a Telegram bot. A more defensive approach has also been implemented in the USB Shield, which allows de-authorizing the attached device.
The idea is to leave Caetra running when you leave your machine unattended, e.g. when it is locked or in suspend mode.
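The de-authorization step described above, as an added example that is not Caetra's own code: it assumes the standard Linux sysfs `authorized` attribute (writing 0 to /sys/bus/usb/devices/<devpath>/authorized, which keeps the device enumerated but stops any driver binding to it) and a constructed, hypothetical event line format standing in for what a kprobe-based monitor would emit; the allow-list values are likewise constructed.

```python
import re
import tempfile
from pathlib import Path

# Allow-listed (vendor id, product id) pairs; constructed sample values, not Caetra's.
ALLOWLIST = {("046d", "c52b")}

# Constructed lines a kprobe-based monitor might emit on attach; the
# format is hypothetical, not Caetra's output.
SAMPLE_EVENTS = [
    "attach devpath=1-3 vid=046d pid=c52b",  # on the allow-list
    "attach devpath=1-4 vid=1d50 pid=6089",  # unknown device
]
EVENT_RE = re.compile(r"attach devpath=(\S+) vid=([0-9a-f]{4}) pid=([0-9a-f]{4})")

def parse_event(line):
    """Return (devpath, vid, pid); devpath is the sysfs name, e.g. '1-4'."""
    m = EVENT_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"unrecognised event: {line!r}")
    return m.groups()

def deauthorize(devpath, sysfs_root):
    """Write 0 to the device's 'authorized' attribute: the kernel keeps it
    enumerated but binds no driver, so a HID or storage implant stays inert.
    Needs root on a real system; sysfs_root is a parameter for testing."""
    path = Path(sysfs_root) / devpath / "authorized"
    path.write_text("0")
    return str(path)

def handle(line, sysfs_root="/sys/bus/usb/devices"):
    """Decide for one attach event: allow known devices, de-authorize the rest."""
    devpath, vid, pid = parse_event(line)
    if (vid, pid) in ALLOWLIST:
        return ("allow", devpath)
    deauthorize(devpath, sysfs_root)
    return ("deauthorized", devpath)

def demo():
    """Run the sample events against a constructed sysfs tree and return the
    decisions plus the final 'authorized' value of each device."""
    root = Path(tempfile.mkdtemp())
    for dev in ("1-3", "1-4"):
        (root / dev).mkdir()
        (root / dev / "authorized").write_text("1")
    results = [handle(line, root) for line in SAMPLE_EVENTS]
    state = {dev: (root / dev / "authorized").read_text() for dev in ("1-3", "1-4")}
    return results, state
```

Because de-authorization happens after enumeration, a stricter posture is to set `authorized_default` to 0 on each root hub (/sys/bus/usb/usbN/authorized_default) so new devices are denied until explicitly allowed.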
How we built it
With Vim.
Challenges we ran into
Going through the related functions and structs in the Linux kernel. Testing the functionality.
Accomplishments that we're proud of
e.g. being able to de-authorize an attached USB device
What we learned
Lots of things related to eBPF and the Linux kernel
What's next for Caetra
Shields TODOs
- [ ] accelerometers (I don't have a device with an accelerometer sensor)
Code
- [ ] cli
- [ ] general logger configuration
- [ ] rethink how to run the whole thing; consider running all the shields in multithreaded mode
Senders TODOs
- [ ] implement Elasticsearch and Kibana