#BHASIA BlackHatEvents

You Shall not PASS
Analysing a NSO iOS Spyware Sample
Matthias Frielingsdorf

Matthias Frielingsdorf
VP of Research at iVerify
iOS Malware & Mobile Device Security
helthydriver

September 7th 2023

iOS 9, iOS 10, iOS 11, iOS 12, iOS 13, iOS 14, iOS 15, iOS 16

Infection Vector
Targets
Detection & Technical Analysis
IOCs
Detection
CVEs
Attribution
iMessage
Citizen Lab
NSO
PassKit Attachment
USA Based Civil Society
Forensic Analysis
CVE-2023-41061
CVE-2023-41064
2023 Pegasus BLASTPASS Exploit

Some BlastPass Reports
Apple - About the security content of iOS 16.6.1 and iPadOS 16.6.1
https:/ 7th 2023
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Amnesty International - Forensic appendix: Pegasus 0-Click
https://securitylab.amnesty.org/latest/2023/12/pegasus-zero-click-exploit-threatens-journalists-in-india/
iVerify - Clipping Wings: Our Analysis of a Pegasus Spyware Sample
https://www.iverify.io/post/clipping-wings-our-analysis-of-a-pegasus-spyware-sample

Today

No 0-Days revealed

No weaponised sample leaked!

But

A journey on how we discovered and analyzed the latest sample of NSO's Pegasus Exploit!

Today
1. Detecting iOS Malware with Forensic Analysis
2. Show the Steps which are necessary to unveil the final Payload
3. Discuss some Indicators of Compromise for this specific sample.

How to do Forensic Analysis?

OBTSv5 In Walled Gardens be care Fun of Poisoned Apples
2023
Previous iOS Malware Detection Talks
2022
HITB AMS Poisoned Apples - Current state of iOS Malware Detection
OBTSv6 Poisoned -How do