TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them.
This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs).
The idea of TinyCheck emerged in a meeting about stalkerware with a French women’s shelter.
During this meeting we talked about how to easily detect stalkerware without installing very technical apps nor doing forensic analysis on the victim’s smartphone.
The initial concept was to develop a tiny kiosk device based on Raspberry Pi which can be used by non-tech people to test their smartphones against malicious communications issued by stalkerware or any spyware.
Of course, TinyCheck can also be used to spot any malicious communications from cybercrime to state-sponsored implants.
It allows the end-user to push their own extended Indicators of Compromise via a backend in order to detect some ghosts over the wire.
If you need more documentation on how to install it, use it and the internals, don’t hesitate to take a look at the TinyCheck Wiki.
TinyCheck can be used in several ways by individuals and entities:
Please check the few steps in the Wiki’s Installation Page.
The frontend – which can be accessed from http://tinycheck.local is a kind of tunnel which help the user throughout the process of network capture and reporting.
It allows the user to setup a Wi-Fi connection to an existing Wi-Fi network, create an ephemeral Wi-Fi network, capture the communications and show a report to the user… in less than one minute, 5 clicks and without any technical knowledge
Once installed, you can connect yourself to the TinyCheck backend by browsing the URL https://tinycheck.local and accepting the SSL self-signed certificate.
The backend allows you to edit the configuration of TinyCheck, add extended IOCs and whitelisted elements in order to prevent false positives.
Several IOCs are already provided such as few suricata rules, FreeDNS, Name servers, CIDRs known to host malicious servers and so on.
AutoExif is a powerful Bash script designed to streamline the process of editing image metadata…
SimpleImager V4.3, your go-to tool for streamlined system imaging and data acquisition. Designed to simplify…
MetaOSINT enables open source intelligence ("OSINT") practitioners to jumpstart their investigations by quickly identifying relevant,…
ThreatPinch Lookup creates informational tooltips when hovering oven an item of interest on any website.…
Myself and any other potential contributors to this website are NOT in any way affiliated…
The Mobile Evidence Acquisition Toolkit designed by BlackStone Discovery. Developed to enhance digital forensics, this…