Welcome to DamOS! DamOS is a Linux Based operating system that is being developed by a team of students working at the Senator Patrick Leahy Center for Digital Investigation. This project was originally conceived by DJ Palombo. This project has been presented at multiple conferences as a basic theory, but as time has gone by, the project has begun to take shape. The original theory was to take a Raspberry Pi and use it as a small form factor, low cost network monitor and attack box. The benefits of using something like this would be that it can be easily hidden and be fully automated, such that a user has internal access to a network and can begin attacking from within.

After an initial version of this project, it became evident that the original theory would not work. During the first round of testing, a Raspberry Pi was damaged by overworking it. After that, the project was pitched to the guys from Pwnie Express. They did not feel the project had much of a future and it was too close to their product, and they turned us down. Knowing the project needed a new base and needed to improve, it was evident that the project needed a new direction. This was achieved by switching platforms to the Odroid U3. Although this platform is a bit more expensive, the additional power made it far more practical for the project. After determining which platform we would switch to, a team was assembled to make this tool as powerful and as dangerous as possible.

Once the team was created, we began work immediately at Champlain College's LCDI. This team included DJ Palombo (Lead, Forensics), Grant Kaiser (Networking), Zach Reichert (Forensics), Dan Puckowski (Programmer), Andre Maccarone (Networking). Together, this team was able to take an Odroid with a stock image of Xubuntu 13.10 and turn it into a tool that has more functionality than most pen-testing distros, while automating as many tasks as is possible.

This tool is intended to be used by networking professionals, as well as penetration testers. The goal is to allow network professionals the ability to have one tool automatically run on their network that will test the systems for vulnerabilities, and then try to exploit the systems. This will give the professionals the ability to determine what holes need immediate patching, and what vulnerabilities are truly exploitable. Pen Testers can use this tool to drop off inside the location they are testing, which will grant them physical access. As the device is so small, the tester can easily hide it. This will show not only a physical security breach, but the possibilities for exploitation with this tool are nearly endless.

We do acknowledge the fact that this tool can be used for network attacks by malicious users, which is why we are working on a tool that will automatically detect this system running, which will help professionals defend against this, and be able to blacklist a device when needed.

Please feel free to contact us via any of the methods below for any questions or comments, or if you would like to become involved in the project. We are always looking for new ideas and new people to help test out the tool.