CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-02-13 00:52:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,064 Commits 47 Branches 71 Tags
refactor/structured-alerting
Commit Graph

25 Commits

Author SHA1 Message Date
Donncha Ó Cearbhaill
2d547662f8 Rework old detections tracking into stuctured alert levels 2025-02-19 23:46:03 +01:00
Donncha Ó Cearbhaill
1b03002a00 Major refactor to add structured alerting and typed indicators 
This commit makes a structural change to MVT by changing binary
detected/not detected logic into a structured multi-level system
of alerts. This gives far more power to extend MVT and manage
alerts.

This commit also begins the process of adding proper typing for
key objects used in MVT including Indicators, IndicatorMatches,
and ModuleResults. This will also be keep to programmatically using
the output of MVT.
 2025-02-16 00:16:34 +01:00
Donncha Ó Cearbhaill
a08c24b02a Deduplicate modules which are run by the sub-commands. 2025-02-10 20:32:51 +01:00
Donncha Ó Cearbhaill
5d696350dc Run bugreport and backup modules during check-androidqf 
Adding support to automatically run ADB backup and bugreport modules
automatically when running the check-androidqf command. This is a first
step to deduplicate the code for Android modules.
 2025-02-10 19:28:20 +01:00
Donncha Ó Cearbhaill
43901c96a0 Add improved heuristic detections to AppOps module 2025-01-30 13:02:26 +01:00
tes
9d81b5bfa8 Add a module to parse uninstalled apps from dumpsys data, for both bugreport and AndroidQF output, and match them against package name IoCs. 2024-12-11 16:47:19 -03:00
Donncha Ó Cearbhaill
5fe8238ef0 Update tests to work with the new side-loading detections 2024-10-24 17:35:34 +02:00
Donncha Ó Cearbhaill
3afe218c7c Add support for check APK certificate hash IOCs (#557) 
* Fix bug loading indicators which I introduced in 81b647b

* Add support for matching on APK certificate hash IOCs
 2024-10-18 16:35:50 +02:00
Donncha Ó Cearbhaill
665806db98 Add initial parser for ADB state in Dumpsys (#547) 
* Add initial parser for ADB dumpsys

* Add ADBState tests and support for AndroidQF and
check-adb

* Handle case where ADB is not available in device dumpsys
 2024-10-18 15:31:25 +02:00
Tek
a03f4e55ff Adds androidqf files module (#541) 
* Adds androidqf files module

* Add new files module to module list

---------

Co-authored-by: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
 2024-10-17 18:32:23 +02:00
tek
617c5d9e1c Fixes import order 2024-09-28 13:15:43 +02:00
Rory Flynn
caeeec2816 Add packages module for androidqf (#506) 
* Add Packages module for androidqf

* Update test
 2024-06-24 19:00:07 +02:00
Nex
9988887d27 Updated copyright notice 2023-09-09 17:55:27 +02:00
tek
e60e5fdc6e Refactors DumpsysBatteryHistory and adds related androidqf module 2023-08-04 19:20:14 +02:00
tek
7e0e071c5d Refactor DumpsysBatteryDaily module and add related artifact 2023-08-04 16:17:52 +02:00
tek
6356a4ff87 Refactor code of DumpsysDBInfo 2023-07-31 23:43:20 +02:00
Tek
3ec3b86a45 Adds support for zip files in check-androidqf command (#372) 2023-07-26 13:53:54 +02:00
Donncha Ó Cearbhaill
a2386dbdf7 Refactor Android backup password handling and add tests 2023-07-22 19:17:27 +02:00
Nex
e1677639c4 Linted code using isort + autoflake + black, fixed wrong use of Optional[bool] 2023-06-01 23:40:26 +02:00
tek
b5d7e528de Adds indicators for android properties 2023-03-29 12:57:41 +02:00
tek
4ed8ff51ff Improves code PEP8 compliance and adds ruff check 2023-03-01 16:43:08 -05:00
tek
ce177978cd Sort imports 2023-02-14 11:51:55 -05:00
tek
704ea39569 Removes empty lines to be PEP8 compliant 2023-02-08 20:20:13 +01:00
tek
81ed0b0c19 Update copyright information 2023-02-08 20:18:16 +01:00
tek
66c015bc23 Improves check-androidqf tests 2022-10-11 13:07:24 +02:00