c_meyer/KasperskyLab-TinyCheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Félix Aimé 2021-01-25 19:49:37 +01:00 committed by GitHub
parent 48be48febf
commit 6d6ca90e42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
README.md
View File

@ -8,7 +8,7 @@ The idea of TinyCheck emerged in a meeting about stalkerware with a [French wome
Of course, TinyCheck can also be used to spot any malicious communications from cybercrime to state-sponsored implants. It allows the end-user to push his own extended Indicators of Compromise via a backend in order to detect some ghosts over the wire.
*If you need more documentation about the internals, don't hesitate to take a look at the [TinyCheck Wiki](https://github.com/KasperskyLab/TinyCheck/wiki).*
*If you need more documentation on how to install it, use it and the internals, don't hesitate to take a look at the [TinyCheck Wiki](https://github.com/KasperskyLab/TinyCheck/wiki).*
*If you have any question about the projet. Want to contribute or just send your feedbacks, don't hesitate to contact us at tinycheck[@]kaspersky[.]com.*
@ -22,35 +22,6 @@ TinyCheck can be used in several ways by individuals and entities:
- In kiosk mode - TinyCheck can be used as a kiosk to allow visitors to test their own devices.
- Fully standalone - By using a powerbank, two Wi-Fi interfaces or a 4G dongle and a small touch screen [like in this video](https://twitter.com/felixaime/status/1331535790392946689), you can tap any device anywhere.
### Few steps to analyze your smartphone
1. **Disable mobile aka. cellular data** <br/>
Disable the 3G/4G data link in your smartphone configuration.
2. **Close all the opened applications** <br/>
This to prevent some FP. Can be good also to disable background refresh for the messaging/dating/video/music apps.
3. **Connect your smartphone to the WiFi network generated by TinyCheck** <br/>
Once connected to the Wi-Fi network, its advised to wait like 10-20 minutes.
4. **Interact with your smartphone**<br/>
Send an SMS, make a call, take a photo, restart your phone - some implants might react to such events.
5. **Stop the capture**<br/>
Stop the capture by clicking on the button.
6. **Analyze the capture** <br/>
Analyze the captured communication, enjoy (or not).
7. **Save the capture** <br/>
Save the capture and the PDF report on an USB key or by direct download.
### Architecture
TinyCheck is divided in three independent parts:
- A backend: where the user can add his own extended IOCs, whitelist elements, edit the configuration etc.
- A frontend: where the user can analyze the communication of his device by creating an ephemeral WiFi AP.
- An analysis engine: used to analyze the pcap by using Zeek, Suricata, extended IOCs and heuristics.
The backend and the frontend are quite similar. Both consist of a [VueJS](https://vuejs.org/) application (sources stored under `/app/`) and an API endpoint developed in [Flask](https://flask.palletsprojects.com/) (stored under `/server/`). The data shared between the backend and the frontend are stored under the `config.yaml` file for configuration and `tinycheck.sqlite3` database for the whitelist/IOCs.
It is worthy to note that not all configuration options are editable from the backend (such as default ports, Free certificates issuers etc.). Don't hesitate to take a look at the `config.yaml` file to tweak some configuration options.
### Installation
Please check the few steps in the [Wiki's Installation Page](https://github.com/KasperskyLab/TinyCheck/wiki/TinyCheck-installation).