Thanks for this inspiring share summary: utkusen is a productive open source greyhat with some projects listed below. The highlighted project may sound like a downer for some: "wholeaked" provides for free access to traceable document watermarking, which is often something paywalled by powerful organisations. Hence, open source implementations are a gain. https://github.com/utkusen/wholeaked utkusen's other github repositories showcase many other tools.

If you have existing tools for working with watermarking, this tool could likely be used to give them a thorough testing. I did not visit the links when reviewing this post.

> this post is an attempt to get this list back to the roots of what
> cryptome is based on: leaked files. I attempt to share an interesting
> coder, the coder's shared work in his github and what is his most
> interesting creation yet called wholeaked in hopes of drumming up
> interesting discussions on leakers and related software, and hopefully
> we can leave behind some of the insane and inane discussions of recent
> history on this list.
>
> I'll first go over his github and the various projects he created and
> the skills/languages he used to create the tools and then go onto
> wholeaked, what it does, a brief explanation on how it does what it
> does, its uses, its shortfalls and why it's an interesting and
> important addition to those who are for and/or against leaks and/or
> leakers (it helps and works against both leakers and anti-leakers
> both). Let's begin.
>
> The original developer of this code's quote about the project he named
> "wholeaked":
> "a file-sharing tool that allows you to find the responsible person in
> case of a leakage"
>
> The github project page has 19 forks, uses the BSD-3-Clause License
> and was created on January 26th, 2022. It appears to be made by a talented
> hacker named Utku Sen who's written other pro-privacy tools and published
> them on github such as his "house party" emergency data locker tool
> that encrypts every file in your home directory via remote command in
> an attempt to block a thief's access to your documents, as well as
> several anti-ransomware tools that detect when encrypting of files has
> begun and stop the process and warn you as soon as it sees it
> happening. A re-write of the program was done to have the code
> available in python.
>
> His other open source tools include:
> -several DoS tools,
> -a url-shortener reversal tool,
> -a fork of "empire" windows exploit toolkit for automated pwning of
> windows domain controllers,
> -an IRC based botnet/bot tool,
> -a second fork of Empire with modifications to timing and order of
> loading its functions for IDS evasion,
> -a stresstester
> -a program called jeopardize; a threat intelligence&response tool
> against phishing domains
> -and a mass-security-auditing toolkit
> -a blackjack analyzer
> -other interesting hack tools.
>
> The languages he uses to create these tools span across various major
> languages from C to python to visual basic to c# and finally Go. His
> repos can be found here: https://github.com/utkusen?tab=repositories
>
> While the method this program uses is not brand new, the program itself
> is, and it is more than a simple single functioning binary with only
> one function...; it crosses platforms to every major 64 bit OS (linux
> x64, macOS X x64 and windows x64) which makes this program all the
> more versatile to use.
>
> Classification of program type:
> The program might be what's known as a type of "traitor tracing"
> software (see here: https://en.wikipedia.org/wiki/Traitor_tracing )
> ..and uses a canary trap to finger the leaker (see here:
> https://en.wikipedia.org/wiki/Canary_trap )..
>
> ..... some might be offended by such strong labels such as 'traitor'
> to describe this software, as the word "traitor" could be replaced
> with "brave unwavering ethical bar-setting/bar-raising whistleblower
> hero" and the functionality of the software would be the exact same
> even if the intent is different.
>
>
> ...., the program helps you keep track of everyone who gets a copy of
> the file that you suspect will be leaked (or you might do this as a
> form of anti-copying enforcement in hopes of distributing the book
> with consequences of getting fired from their job, fined or
> imprisoned). Each copy that gets sent out gets its own unique invisible
> watermark which is essentially just metadata that ties that particular
> copy to the email address (or person) who you sent it to.
>
> When the file or files get leaked (or if it gets leaked) then you can
> check the metadata in the copy of the now public file and see which
> person the watermarks show that it was tied to, and then you've just
> found your leaker.
>
> Here are the several ways you are able to tag the file (copied
> directly from the github here: https://github.com/utkusen/wholeaked )
>
> "wholeaked can add the unique signature to different sections of a
> file. Available detection modes are given below:
>
> File Hash: SHA256 hash of the file. All file types are supported.
>
> Binary: The signature is directly added to the binary. Almost all file
> types are supported.
>
> Metadata: The signature is added to a metadata section of a file.
> Supported file types: PDF, DOCX, XLSX, PPTX, MOV, JPG, PNG, GIF, EPS,
> AI, PSD
>
> Watermark: An invisible signature is inserted into the text. Only PDF
> files are supported."
>
> A note of caution: Of course this tool will only reveal the most
> inexperienced and/or over confident of leakers, as anyone with half a
> brain will realize, and will first attempt to strip all metadata from
> the file before leaking, if not altogether re-creating the document by
> screenshotting each page of data one at a time with something like the
> good old printscreen button and pasting and saving in ms paint or
> something similar. One should consider using a brand new VM that was
> spun up for this single purpose, or a live linux distro like ubuntu
> live or tails will also work (those who work in digital forensics are
> much better to discuss this part of the topic!)
>
> This is but one way to by-pass someone using a
> unique-injection-of-watermark-per-file leak-detection technique (try
> saying that 5x fast!), among other methods.
>
> The _actual_ common term of this technique is called the canary trap
> for the laymen. It is actually used in many different contexts that
> are much different than someone breaching national security with PDF
> files or whatever, like for example, some AV programs use canary files
> that are placed in your documents folder and if the AV detects that
> they are no longer accessible (yet still remain in your documents
> folder) or if they appear to be modified, then the AV might cause all
> processes to stop and block any processes from writing to disk until
> the user either lets the processes continue after confirming that it
> was not ransomware that modified, encrypted or changed the file.
>
> Wholeaked is essentially making every distributed file its own unique
> identifiable canary. If that canary is ever found anywhere by being
> leaked, then at the very least you will know who was responsible for
> the file becoming public (whether it was their intent to spread the file
> to the public or not!).
>
> What makes this one note-worthy is that it is now trivial to do it
> easily without the need to understand concepts like unique
> watermarking and metadata or how to add them correctly. Also that it
> is open source with compiled binaries for windows, OSX and linux (you
> can find the project, binaries and source code on github here:
> https://github.com/utkusen/wholeaked/releases/tag/v0.1.0 )
>
> It's a reminder to those who are experienced in leaking to stay
> vigilant, lest they be exposed (and in some states/places this could
> mean death or worse to you and your family).
>
> It's also a wakeup call for those who leak who don't know what they are
> doing, and might mean lost jobs, legal action, imprisonment and
> possibly a lot more if they don't smarten up about their opsec.
>
> On the other hand, it could also mean the capture of those who are
> leaking classified documents to rogue states who routinely deny
> mountains of evidence of human rights abuses (I'm looking at you, China)
> for money, in which case, it would be a good thing exposing those who
> give aid to powerful unethical monsters.
>
> No matter the use case, the tool is now in the hands of everyone and
> anyone is free to add and change it for their own uses and publish
> their own versions as a fork if they like.
>
> To end this post which has gone on far too long, here is the creator's home
> page:
>
> https://utkusen.com/
>
> kudos to you, Utkusen!
>
>
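The tag-and-lookup mechanism the quoted post describes (one unique signature per recipient embedded in each copy, then matched against whatever surfaces in public) as an added example in Go. This is not code from the original post or from the wholeaked project; the HMAC-derived tag, the trailing-data ("binary" style) embedding, the SHA-256 registry and the sample document are all assumptions made here for illustration. It also shows the caveat the post raises: once a leaker strips the trailing tag, neither the hash lookup nor the signature search identifies anyone.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Tagged is one registry entry: which recipient got which copy.
type Tagged struct {
	Recipient string
	Signature string // hex HMAC tag embedded in the copy
	Hash      string // SHA-256 of the whole tagged copy ("file hash" mode)
	Copy      []byte
}

// signatureFor derives a per-recipient tag keyed with a secret, so a
// recipient cannot compute someone else's tag and plant it to frame them.
// (Assumption: wholeaked's own tag derivation is not reproduced here.)
func signatureFor(key []byte, recipient string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(recipient))
	return hex.EncodeToString(m.Sum(nil)[:16]) // 32 hex characters
}

// tagCopies builds one copy per recipient. The tag is appended after the
// original bytes as trailing data, which most file readers ignore.
func tagCopies(key []byte, original []byte, recipients []string) []Tagged {
	out := make([]Tagged, 0, len(recipients))
	for _, r := range recipients {
		sig := signatureFor(key, r)
		cp := append(append([]byte{}, original...), []byte("\n%%"+sig)...)
		sum := sha256.Sum256(cp)
		out = append(out, Tagged{Recipient: r, Signature: sig,
			Hash: hex.EncodeToString(sum[:]), Copy: cp})
	}
	return out
}

// identifyLeak checks a leaked blob against the registry, strongest
// evidence first: exact hash match (file untouched), then embedded tag
// still present (file edited but tag survived), else unknown.
func identifyLeak(reg []Tagged, leaked []byte) (recipient, method string) {
	sum := sha256.Sum256(leaked)
	h := hex.EncodeToString(sum[:])
	for _, t := range reg {
		if t.Hash == h {
			return t.Recipient, "hash"
		}
	}
	for _, t := range reg {
		if bytes.Contains(leaked, []byte(t.Signature)) {
			return t.Recipient, "signature"
		}
	}
	return "", "unknown"
}

// stripTag models a leaker who removes the trailing data before publishing.
func stripTag(b []byte) []byte {
	if i := bytes.LastIndex(b, []byte("\n%%")); i >= 0 {
		return b[:i]
	}
	return b
}

func main() {
	key := []byte("constructed-secret-key") // constructed example key
	// constructed sample document
	doc := []byte("CONFIDENTIAL: Q3 plan\nLine two of the document\n")
	reg := tagCopies(key, doc, []string{"alice@example.com", "bob@example.com"})

	// Bob leaks his copy unmodified: hash lookup names him.
	who, how := identifyLeak(reg, reg[1].Copy)
	fmt.Println(who, how)

	// Bob prepends text (hash no longer matches) but the tag survives.
	edited := append([]byte("PREAMBLE\n"), reg[1].Copy...)
	who, how = identifyLeak(reg, edited)
	fmt.Println(who, how)

	// Bob strips the trailing data: nothing left to match.
	who, how = identifyLeak(reg, stripTag(reg[1].Copy))
	fmt.Println(who, how)
}
```

The ordering in identifyLeak matters in practice: an exact hash match is the only result that proves the copy is byte-for-byte what was sent, while a signature match only says the tag survived whatever edits were made, and the empty result is exactly the screenshot-and-retype case the post describes.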
