Update README.md
This commit is contained in:
parent
48be48febf
commit
6d6ca90e42
31
README.md
@ -8,7 +8,7 @@ The idea of TinyCheck emerged in a meeting about stalkerware with a [French wome
|
|||||||
|
|
||||||
Of course, TinyCheck can also be used to spot any malicious communications from cybercrime to state-sponsored implants. It allows the end-user to push his own extended Indicators of Compromise via a backend in order to detect some ghosts over the wire.
|
Of course, TinyCheck can also be used to spot any malicious communications from cybercrime to state-sponsored implants. It allows the end-user to push his own extended Indicators of Compromise via a backend in order to detect some ghosts over the wire.
|
||||||
|
|
||||||
*If you need more documentation about the internals, don't hesitate to take a look at the [TinyCheck Wiki](https://github.com/KasperskyLab/TinyCheck/wiki).*
|
*If you need more documentation on how to install it, use it and the internals, don't hesitate to take a look at the [TinyCheck Wiki](https://github.com/KasperskyLab/TinyCheck/wiki).*
|
||||||
|
|
||||||
*If you have any question about the projet. Want to contribute or just send your feedbacks, don't hesitate to contact us at tinycheck[@]kaspersky[.]com.*
|
*If you have any question about the projet. Want to contribute or just send your feedbacks, don't hesitate to contact us at tinycheck[@]kaspersky[.]com.*
|
||||||
|
|
||||||
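Review bot: the contact sentence that this hunk carries as unchanged context, two lines below the reworded wiki pointer, still has the typo "projet" and is broken into a fragment ("If you have any question about the projet. Want to contribute or just send your feedbacks"); since this paragraph is already being edited, suggest fixing it in the same commit, e.g. "If you have any questions about the project, want to contribute or just want to send feedback, don't hesitate to contact us at tinycheck[@]kaspersky[.]com." The reworded sentence itself ("on how to install it, use it and the internals") reads fine.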
@ -22,35 +22,6 @@ TinyCheck can be used in several ways by individuals and entities:
|
|||||||
- In kiosk mode - TinyCheck can be used as a kiosk to allow visitors to test their own devices.
|
- In kiosk mode - TinyCheck can be used as a kiosk to allow visitors to test their own devices.
|
||||||
- Fully standalone - By using a powerbank, two Wi-Fi interfaces or a 4G dongle and a small touch screen [like in this video](https://twitter.com/felixaime/status/1331535790392946689), you can tap any device anywhere.
|
- Fully standalone - By using a powerbank, two Wi-Fi interfaces or a 4G dongle and a small touch screen [like in this video](https://twitter.com/felixaime/status/1331535790392946689), you can tap any device anywhere.
|
||||||
|
|
||||||
### Few steps to analyze your smartphone
|
|
||||||
|
|
||||||
1. **Disable mobile aka. cellular data** <br/>
|
|
||||||
Disable the 3G/4G data link in your smartphone configuration.
|
|
||||||
2. **Close all the opened applications** <br/>
|
|
||||||
This to prevent some FP. Can be good also to disable background refresh for the messaging/dating/video/music apps.
|
|
||||||
3. **Connect your smartphone to the WiFi network generated by TinyCheck** <br/>
|
|
||||||
Once connected to the Wi-Fi network, its advised to wait like 10-20 minutes.
|
|
||||||
4. **Interact with your smartphone**<br/>
|
|
||||||
Send an SMS, make a call, take a photo, restart your phone - some implants might react to such events.
|
|
||||||
5. **Stop the capture**<br/>
|
|
||||||
Stop the capture by clicking on the button.
|
|
||||||
6. **Analyze the capture** <br/>
|
|
||||||
Analyze the captured communication, enjoy (or not).
|
|
||||||
7. **Save the capture** <br/>
|
|
||||||
Save the capture and the PDF report on an USB key or by direct download.
|
|
||||||
|
|
||||||
### Architecture
|
|
||||||
|
|
||||||
TinyCheck is divided in three independent parts:
|
|
||||||
|
|
||||||
- A backend: where the user can add his own extended IOCs, whitelist elements, edit the configuration etc.
|
|
||||||
- A frontend: where the user can analyze the communication of his device by creating an ephemeral WiFi AP.
|
|
||||||
- An analysis engine: used to analyze the pcap by using Zeek, Suricata, extended IOCs and heuristics.
|
|
||||||
|
|
||||||
The backend and the frontend are quite similar. Both consist of a [VueJS](https://vuejs.org/) application (sources stored under `/app/`) and an API endpoint developed in [Flask](https://flask.palletsprojects.com/) (stored under `/server/`). The data shared between the backend and the frontend are stored under the `config.yaml` file for configuration and `tinycheck.sqlite3` database for the whitelist/IOCs.
|
|
||||||
|
|
||||||
It is worthy to note that not all configuration options are editable from the backend (such as default ports, Free certificates issuers etc.). Don't hesitate to take a look at the `config.yaml` file to tweak some configuration options.
|
|
||||||
|
|
||||||
### Installation
|
### Installation
|
||||||
|
|
||||||
Please check the few steps in the [Wiki's Installation Page](https://github.com/KasperskyLab/TinyCheck/wiki/TinyCheck-installation).
|
Please check the few steps in the [Wiki's Installation Page](https://github.com/KasperskyLab/TinyCheck/wiki/TinyCheck-installation).
|
||||||
|
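Review bot: removing the whole "Few steps to analyze your smartphone" and "Architecture" sections leaves the README with no pointer to where that material now lives; the only link that survives is the wiki's Installation page, and the commit message ("Update README.md") does not say the content was moved rather than dropped. Two parts of the removed text matter in a way a bare installation link does not cover: step 1 ("Disable mobile aka. cellular data") is what makes a capture complete, since traffic still flowing over 3G/4G never reaches the TinyCheck AP and is invisible to the analysis, and the Architecture section was the README's only description of the backend/frontend split, the `/app/` and `/server/` layout, and the `config.yaml` / `tinycheck.sqlite3` files that hold configuration and the whitelist/IOCs. Suggest keeping short "Usage" and "Architecture" stubs that each link to the corresponding wiki page, or at minimum stating in the commit message that the sections were migrated to the wiki.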