https://www.sigstore.dev/ ( & cosig https://github.com/sigstore/cosign )
https://in-toto.io/
(cf. red hat trusted software supply chain which actually embeds those open source tools)
+ backstage.io for "platform engineering"
https://www.sigstore.dev/ ( & cosig https://github.com/sigstore/cosign )
https://in-toto.io/
(cf. red hat trusted software supply chain which actually embeds those open source tools)
+ backstage.io for "platform engineering"
Following pegasus revelations, I decided to play a bit with the tool provided by Amnesty International Security Lab in July 2021.
Forensics, long time no see !
Sources : https://github.com/mvt-project/mvt
Doc : https://docs.mvt.re/en/latest/android/download_apks.html
Pretty strait-forward, once you have ADB installed on your computer.
the following steps are for and android phone + mac OS laptop
Step 0 : set your phone in "developper mode". For me I had to go to the settings and press 7 times on the release logo.
Step 1 : plug your phone in USB, enabling USB debugging https://developer.android.com/studio/debug/dev-options#enable%3E
Step 2 : install ADB
brew install android-platform-tools
Check that you see your device, and then stop adb (not required after).
adb devices
adb kill-server
Step 3 : install mvt
pip3 install mvt
Step 4 : run mvt over your phone
mkdir output && mvt-android download-apks --output ./output --all-checks
sudo add-apt-repository ppa:mozillateam/firefox-stable
sudo apt-get update && sudo apt-get upgrade
$ dpkg --get-selections > liste-pkg
# dpkg --set-selections < liste-pkg
# apt-get dselect-upgrade
$ aptitude why python-notify
export DEBIAN_FRONTEND=noninteractive
yes '' | apt-get -y -o Dpkg::Options::="--force-confdef" -o
X Dpkg::Options::="--force-confold" dist-upgrade