You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Working with one device I experienced an immediate hard reset (reboot) as soon as mvt established the adb connection and started the collection process.
Has this been experienced under any circumstances by anyone analyzing a real-world compromised device?
The text was updated successfully, but these errors were encountered:
Not that I know of. I have seen some spyware check if adb is enable and remove themselves in that case, but I doubt that a hard reset would be a good strategy. Could you do the check with modules one by one and see if a specific module is provoking the hard reset? I have seen some phones reboots in the past because some tools were exhausting their memory but mvt is pretty light generally
BY hard-reset I meant an interaction-free reboot, no userdata loss perceivable.
It is definitely something any post-exploitation kit will do (if developed properly). I will check again module by module. This was observed once, and then never again. Afterwards no IOCs were found.
How does mvt currently handle things like potential baseband compromise or partition alterations? I haven't gone deep into it, but I think it doesn't handle those cases (per limitations of adb possibly).
How does mvt currently handle things like potential baseband compromise or partition alterations? I haven't gone deep into it, but I think it doesn't handle those cases (per limitations of adb possibly).
It doesn't really, but some data collected could have information about that (like dumsys or processes running).
You can see the list of modules here and we are open to add more if you have any suggestions (as long as it is doable through adb)
Working with one device I experienced an immediate hard reset (reboot) as soon as mvt established the adb connection and started the collection process.
Has this been experienced under any circumstances by anyone analyzing a real-world compromised device?
The text was updated successfully, but these errors were encountered: