comparing two snapshots as stalkeware indicators
crispin75 opened this issue · comments
Antonio Catatayud OH commented
Let's assume that you own a phone that is under surveillance.
If you do a factory reset, after a few days the mobile is compromised again.
All stalkeware tools fail.
You are nearly sure your organization is using a surveillance provider with zero-day exploits, probably SMS ones.
You can root the device to ls all files with date and size.
Would be useful to compare two ls snapshots, first once device is reseted, and second after a couple of weeks?
What advice will you provide to do that?
Julien Voisin commented
This repository only provides indicators of compromise, not tooling around them.
You might be interested in this comment.