Questions tagged [apt]
APT stands for "Advanced Persistent Threat". It is usually used in reference to a threat posed by a group with the capability and intent to persistently and effectively carry out cyber attacks against specific entities. APT has been used to refer to either the perpetrators or the actual hack itself (typically when there is no attribution).
50 questions
8 votes
3 answers
3k views
Why do APTs stick to their TTPs when they are widely documented and can be defended against?
I was researching Threat Intelligence and came across the Pyramid of Pain. The pyramid places Tactics, Techniques, and Procedures (TTPs) at the top, indicating that having defense mechanisms ...
2 votes
0 answers
118 views
Which security measures are reasonable for senior management in a Fortune 500 company if nation state threat actors like APT28 become a concern?
Current Threat Intelligence leads me to believe that Senior Management of my company could be targeted by Threat Actors like APT28. Threats I am concerned about are, listed by priority: Information ...
1 vote
1 answer
4k views
Difference between a RAT and an hVNC
What is the difference between a Remote Access Trojan and a hidden Virtual Network Computing? It seems that both pieces of software allow a hacker to access a victim's computer and to spy on activity.
5 votes
3 answers
4k views
Ubuntu sources.list URLs are not HTTPS -- what risk does this present, if any?
I was looking at the installation instructions for VS Code today and found this step curious: sudo apt install apt-transport-https I see that there appears to be https transport available for apt: $ ...
4 votes
1 answer
584 views
Does apt-get enforce cryptographic authentication and integrity validation by default for all packages? (Debian, Ubuntu)
Does the built-in apt package manager in Debian-based systems require successful cryptographic authentication and integrity validation for all packages? My understanding was that software downloaded ...
1 vote
2 answers
227 views
Securely installing software in a hostile environment
Consider the case where a user with a freshly installed Linux box is operating in a hostile environment controlled by an attacker with access to the internet gateway. How can such a user update the ...
0 votes
0 answers
518 views
How to document and check apt InRelease files? Are there blockchain records for that?
apt InRelease files update about twice every day in Ubuntu repositories and their mirrors, and similarly in Ubuntu- and Debian-based distros and other apt repositories. These files are small text files ...
3 votes
2 answers
272 views
Why is the term "nation state" used to refer to a government-sponsored effort in infosec, and is it accurate? [closed]
I work in infosec and as such, have read many whitepapers and been to many conference talks. I hear all the time, especially in conversation and literature about malware, the term "nation state" used ...
2 votes
1 answer
134 views
What additional privacy impact does using the COVIDsafe app have for people in Australia who are using their phones normally?
I've been trying to encourage some people I know to install and use the COVIDsafe app. Some people have raised privacy concerns as a reason to not install the app (there's other concerns, such as it ...
9 votes
1 answer
1k views
How to verify that Google's apt signing key change is not malicious?
I have an Ansible script that sets up the Google Chrome apt repo. I keep Google's signing key together with the scripts (rather than download it every time) because I think it minimizes the chance of ...
2 votes
1 answer
1k views
The following signatures were invalid: EXPKEYSIG 6494C6D6997C215E Google Inc despite correct signing key
Ubuntu (focal 20.04) Using Google webdesigner apt repository in /etc/apt/sources.list.d/google-webdesigner.list: deb [arch=amd64] https://dl.google.com/linux/webdesigner/deb/ stable main leads to: #...
1 vote
0 answers
189 views
Is the usage of "wocao" in this context unprecedented? [closed]
In this whitepaper, they use a HTTP server history (see screenshot) as the basis for the codename of an identified attack, "Operation Wocao". https://www.fox-it.com/en/news/whitepapers/operation-wocao-...
0 votes
3 answers
1k views
Under which conditions can dllhost.exe spawn child process? | MITRE ATT&CK T1191
I was looking for conditions/circumstances under which Dllhost.exe can spawn a child process. I examined a huge quantity of event logs from various Windows systems and didn't come across any event in ...
2 votes
3 answers
1k views
Would an Ubuntu server accessible from the internet be hacked within days?
I created an Ubuntu server on Digital Ocean to deploy my app on. Less than 24 hours later, I log in to the server and see this: 18 packages can be updated. 7 updates are security updates. I install ...
0 votes
3 answers
368 views
Is my PC safe after DSA-4371?
I used sudo apt-get update sudo apt-get upgrade before I read https://www.debian.org/security/2019/dsa-4371 There was a chance that my PC got exploited/hacked/virused. So I used chkrootkit and ...