MakeHaven members are increasingly interested in cybersecurity, penetration testing, malware discovery, and software exploits. Privacy-auditing methods, such as static analysis, are intertwined with effective cybersecurity, and also require an understanding of technology such as the Dark Web. Researchers from Yale Privacy Lab have set up this area of MakeHaven for workshops and projects at the intersection of cybersecurity and privacy. These three Raspberry Pi offer a wide variety of tools in a small package, demonstrating the strength of single-board computers for practical education and research.
This Raspberry Pi has been configured for static and network analysis and features a full set of cybersecurity tools. PiRogue is a project that enhances Kali Linux, providing customizations to mitmproxy and other tools that allow for network analysis, as well as output of network traffic to a simple OLED screen.
Use Cases: * Man-in-the-Middle (MITM) - The device can be configured as a transparent network proxy, acting as a MITM wireless access point and capturing network packets. Users can audit the privacy and security of a mobile app, for example, by connecting their smartphone to the PiRogue and viewing network traffic.
Exodus - The Exodus scanner simplifies static analysis of mobile apps in Google Play and allows users to easily identify trackers on Android devices, using hundreds of tracker profiles provided by Yale Privacy Lab, F-Droid, and Exodus Privacy.
Metasploit Framework - Metasploit is a popular exploit and penetration testing suite. Using metasploit, users can assess the security of devices and networks, while training for industry-standard certifications in the cybersecurity field.
This Raspberry Pi acts as a communications hub for emerging privacy services. FreedomBox is based upon Debian GNU/Linux, and features a wide variety of private communication and collaboration tools. It also functions as a node on the Dark Web, hosting a Tor bridge and .onion hidden service. This FreedomBox does not store any data from other Tor users, only offering a .onion address so that services on the device may be accessed anonymously by MakeHaven members. These tools are an essential piece of the cybersecurity puzzle, allowing members to learn about decentralized, encrypted, and anonymous software.
Dark Web - Tor is the standard anonymity network that is popularly called the Dark Web. Tor is the backbone of nearly all anonymous communication platforms, and is a growing area of research. FreedomBox hosts the Gobby document editing service over Tor as well as MediaWiki, the software behind Wikipedia, and offers the unique opportunity of studying the Dark Web in a controlled environment.
Gobby - Gobby is collaborative editing software that allows users to edit the same document at the same time, without need for third-party cloud hosting.
Jabber/XMPP - XMPP is a decentralized IM protocol that can be used for encrypted off-the-record (OTR) messaging.
Tahoe-LAFS - This file storage solution is a truly-decentralized alternative to cloud storage such as Dropbox and utilizes client-side encryption to keep files confidential.
Matrix.org - Matrix.org is a Slack replacement that is hosted locally and does not require third-party authentication. It features strong encryption and may be accessed across a variety of friendly clients on desktop and mobile devices.
This Raspberry Pi has a custom desktop OS installed called Quillux GNU/Linux. Like Kali Linux and FreedomBox, its underlying base is Debian. Quillux is a friendly operating system with strong security and excellent privacy, giving MakeHaven members a simple interface for accessing the PiRogue and FreedomBox. The desktop apps in Quillux correlate with the services / tools on the other two Raspberry Pi devices, and also include popular end-to-end encryption (E2EE) clients.
- Firefox (with adblockers, tracking protection, and privacy-respecting search defaults)
- Tor Browser (anonymous Web browsing)
- OnionShare (anonymous filesharing via Tor)
- Ricochet (private chat via Tor)
- Riot (private chat via Matrix.org)
- Signal (desktop version of private mobile chat app)
- Wire (desktop version of private mobile chat app)
- Jami (private communication suite)
- Pidgin (Jabber/XMPP chat with encryption plugins)
- Hexchat (IRC chat with encryption plugins)
- Thunderbird (e-mail client with Enigmail PGP/GPG plugin)
Quillux is developed by researchers at Yale Privacy Lab. MakeHaven members have the opportunity to collaborate on the operating system, shape its development, and learn how such custom OS "respins" are created.