Apt Encounters of the Third Kind

3 comments

• bananamogul 4 hours ago
  “To be continued.”

  This was published in 2021 but apparently never continued.

  [-]
  • normie3000 3 hours ago
    Cue spooky music.
    [-]
    • Joel_Mckay 3 hours ago
      1. power off using switch

      2. boot from immutable live system

      3. sudo mkdir -p /mnt/sus/infected

      4. sudo ddrescue -d -f /dev/sda /mnt/sus/sus.img /mnt/sus/sus.log

      5. sudo kpartx -l /mnt/sus/sus.img

      6. sudo kpartx -av /mnt/sus/sus.img

      7. sudo mount -o loop /dev/mapper/loop0p2 /mnt/sus/infected

      8. sudo debsums -sac -r /mnt/sus/infected

      9. sudo umount /dev/mapper/loop0p2

      10. sudo kpartx -d /mnt/sus/sus.img

      11. Submit infected binaries in zip.vir file for forensic de-compilation, and ascertain how payload was dropped.

      Every once in a awhile these things happen. Better to redeploy a new clean OS container on the host, and dump the traffic with a remote live packet capture.

      Repeat as necessary. =3
• fisian 2 hours ago
  Discussion at the time: https://news.ycombinator.com/item?id=26591669
• igravious 27 minutes ago
  Apt Encounters of the Third Kind (2021)