
38C3 2024

Day 2 (3596) Jared Naude (140)

A summary showing infection mechanisms and the forensic artifacts that are left / removed when an infection occurs.


If you are analyzing backups, there are specific files that can be analyzed for traces of an infection.

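Added example (not from the talk or from the post above): how an analyst locates a named file inside an iOS backup. In iOS 10+ backups the Manifest.db SQLite database maps each (domain, relativePath) pair to a fileID, which is the SHA-1 of "domain-relativePath" and is also the on-disk name of the file under a two-hex-character subdirectory. The Manifest.db below is constructed in memory with a reduced schema (the real table also carries a serialized `file` BLOB), and the watchlist entries are example paths chosen here, not the list of files the speaker presented.

```python
import hashlib
import sqlite3

# Constructed sample rows for the Files table of a backup Manifest.db:
# (domain, relativePath, flags). flags: 1 = regular file, 2 = directory.
SAMPLE_FILES = [
    ("HomeDomain", "Library/SMS", 2),
    ("HomeDomain", "Library/SMS/sms.db", 1),
    ("HomeDomain", "Library/Safari/History.db", 1),
    ("WirelessDomain", "Library/Databases/DataUsage.sqlite", 1),
]

# Hypothetical watchlist of (domain, relativePath) pairs an analyst wants to
# pull from a backup. The last entry is deliberately absent from the sample
# so the "missing" path is exercised too.
WATCHLIST = [
    ("HomeDomain", "Library/SMS/sms.db"),
    ("WirelessDomain", "Library/Databases/DataUsage.sqlite"),
    ("HomeDomain", "Library/Caches/locationd/consolidated.db"),
]


def file_id(domain, relative_path):
    """fileID used by the backup format: SHA-1 of 'domain-relativePath'."""
    return hashlib.sha1(f"{domain}-{relative_path}".encode("utf-8")).hexdigest()


def backup_path(fid):
    """On-disk location of a file inside the backup folder (iOS 10+ layout)."""
    return f"{fid[:2]}/{fid}"


def build_sample_manifest():
    """Create an in-memory Manifest.db with the reduced Files schema above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
        "relativePath TEXT, flags INTEGER)"
    )
    conn.executemany(
        "INSERT INTO Files VALUES (?, ?, ?, ?)",
        [(file_id(d, p), d, p, f) for d, p, f in SAMPLE_FILES],
    )
    conn.commit()
    return conn


def find_artifacts(conn, watchlist):
    """Resolve each watchlist entry to its fileID and on-disk path.

    Returns (found, missing). Each found entry also records whether the
    stored fileID matches the recomputed hash, which catches a manifest
    whose rows were edited by hand.
    """
    found, missing = [], []
    for domain, rel in watchlist:
        row = conn.execute(
            "SELECT fileID, flags FROM Files WHERE domain = ? AND relativePath = ?",
            (domain, rel),
        ).fetchone()
        if row is None:
            missing.append((domain, rel))
            continue
        fid, flags = row
        found.append({
            "domain": domain,
            "relativePath": rel,
            "fileID": fid,
            "on_disk": backup_path(fid),
            "is_file": flags == 1,
            "id_matches": fid == file_id(domain, rel),
        })
    return found, missing


if __name__ == "__main__":
    db = build_sample_manifest()
    hits, gone = find_artifacts(db, WATCHLIST)
    for h in hits:
        print(f"{h['domain']}/{h['relativePath']} -> {h['on_disk']} (hash ok: {h['id_matches']})")
    for d, p in gone:
        print(f"not in backup: {d}/{p}")
```

Against a real backup, replace the in-memory connection with `sqlite3.connect(".../Manifest.db")` and keep the same query; an expected artifact that is absent from the manifest is itself worth noting, since the page's later posts describe spyware that removes logs.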

Sysdiagnose can be used for analyzing a phone for an infection. The table below shows the capabilities of the tool. Forensic analysis has some challenges, which include the amount of time that it takes: backups can take hours depending on how much storage the user has. The user needs to interact with the phone during the analysis process, and it requires some knowledge of IT to do properly.


From Pegasus to Predator - The evolution of Commercial Spyware on iOS by Matthias Frielingsdorf

An analysis of how exploits, infection vectors and methods of commercial spyware on iOS have changed over time.

🧵


Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network by Hiro & Gus

This talk will cover recent news, the current state of the network, how we determine its health, and the strategies to strengthen its resilience, addressing challenges around sustainability and governance. 🧵


In 2019, a campaign against Uyghurs in Nepal, which was attributed to i-Soon, used 14 individual exploits. Data was transferred in an unencrypted way.


In 2022, an app by RCS Labs that used multiple exploits was used to do the infection. In 2023, Kaspersky found an active exploitation that chained 4 exploits together to perform the exploit. The actor is unknown, but they made a mistake by not removing a specific entry from the process database.


In 2021, Predator targeted iOS 13 & 14. The second version, which came out in 2023, targeted iOS 16. The second version was rewritten in a new language. The analysis of these vulnerabilities was done by the Citizen Lab, Amnesty International and Project Zero.


What can we do about the network diversity issue?

One idea is to overcome location biases by looking at the bandwidth that a relay can offer, and then the directory authority can influence the path of a circuit.

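Added example (not from the talk or the post above, and not Tor's actual path-selection code): a simplified model of bandwidth-weighted relay selection with two location-diversity controls. The first is a per-circuit rule that no two hops share a country; the second caps the share of selection weight any single country can contribute, so a country that happens to host most of the bandwidth does not end up on most circuits. Real Tor uses consensus weights and excludes same-/16 and same-family relays rather than countries; the relay list, bandwidth numbers and the 40% cap below are all made up for the example.

```python
import random
from collections import Counter

# Constructed relay directory: (nickname, advertised bandwidth in KB/s, country).
# "DE" is deliberately over-provisioned (70% of total bandwidth) to show the bias.
RELAYS = [
    ("de1", 3000, "DE"), ("de2", 2500, "DE"), ("de3", 1500, "DE"),
    ("us1", 600, "US"), ("us2", 400, "US"),
    ("fr1", 1000, "FR"),
    ("nl1", 500, "NL"),
    ("se1", 500, "SE"),
]


def country_capped_weights(relays, cap):
    """Map nickname -> selection weight.

    Weights are proportional to bandwidth, except that any country whose
    share of total bandwidth exceeds `cap` is scaled down so it holds exactly
    `cap` of the weight relative to everyone else. Each over-cap country is
    scaled against the original totals (simplification: with several over-cap
    countries the resulting shares are approximate). cap=1.0 disables capping.
    """
    total = sum(bw for _, bw, _ in relays)
    per_country = Counter()
    for _, bw, cc in relays:
        per_country[cc] += bw
    weights = {}
    for name, bw, cc in relays:
        c = per_country[cc]
        factor = 1.0
        if cap < 1.0 and c / total > cap:
            # Solve c' / (c' + other) == cap for the scaled country total c'.
            other = total - c
            factor = (cap * other / (1.0 - cap)) / c
        weights[name] = bw * factor
    return weights


def weighted_choice(candidates, weights, rng):
    return rng.choices(candidates, weights=[weights[n] for n, _, _ in candidates], k=1)[0]


def build_circuit(relays, weights, rng, hops=3):
    """Pick `hops` relays so that no two of them sit in the same country."""
    chosen, used_countries = [], set()
    for _ in range(hops):
        pool = [r for r in relays if r[2] not in used_countries]
        if not pool:
            raise ValueError("not enough country diversity to build a circuit")
        relay = weighted_choice(pool, weights, rng)
        chosen.append(relay)
        used_countries.add(relay[2])
    return chosen


def sample_circuits(relays, cap, n=2000, seed=1):
    rng = random.Random(seed)
    weights = country_capped_weights(relays, cap)
    return [build_circuit(relays, weights, rng) for _ in range(n)]


def guard_country_share(relays, cap, n=2000, seed=1):
    """Fraction of circuits whose first hop (guard position) lands in each country."""
    counts = Counter(circ[0][2] for circ in sample_circuits(relays, cap, n, seed))
    return {cc: k / n for cc, k in counts.items()}


if __name__ == "__main__":
    print("guard share, pure bandwidth:", guard_country_share(RELAYS, cap=1.0))
    print("guard share, 40% country cap:", guard_country_share(RELAYS, cap=0.4))
```

With pure bandwidth weighting the DE guard share sits near 0.7; with the 40% cap it drops to about 0.4, while every circuit still keeps three distinct countries. Whoever computes these weights (in Tor's case, the directory authorities through the consensus) is therefore the party that can steer path diversity, which is the governance angle the post raises.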

In 2024, NoClip was found by Google TAG. NoClip has a lot of anti-forensic capabilities, which include the deletion of crash logs, unified logs and several other log files.

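Added example (not from the talk or the post above): one check an analyst can run when spyware is suspected of deleting unified log entries and crash logs. Deletion rarely leaves a clean timeline, so the code parses log lines, reports any silent window longer than a threshold, and lists expected log sources that never appear at all. The log lines are constructed in a simplified `log show`-like layout (timestamp, process, message), the two-hour threshold is an arbitrary choice, and the expected-process list is an example, not a list from the talk.

```python
from datetime import datetime, timedelta

# Constructed sample in a simplified unified-log layout. Real `log show` output
# has more columns; only timestamp and "process: message" are modelled here.
# A silent window from 09:00 to 16:12 is planted deliberately.
SAMPLE_LOG = """\
2024-12-27 08:00:01.000000+0100 kernel: boot complete
2024-12-27 08:05:12.000000+0100 locationd: location update
2024-12-27 08:30:44.000000+0100 SpringBoard: app launched
2024-12-27 09:00:00.000000+0100 kernel: memory pressure normal
2024-12-27 16:12:09.000000+0100 SpringBoard: app launched
2024-12-27 16:12:10.000000+0100 locationd: location update
2024-12-27 16:40:00.000000+0100 kernel: memory pressure normal
"""

# Example expectation: processes that normally log on a running device.
# ReportCrash is absent from the sample on purpose.
EXPECTED_PROCESSES = ["kernel", "SpringBoard", "locationd", "ReportCrash"]


def parse_log(text):
    """Parse lines into (timestamp, process, message), sorted by time."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, rest = line.split(" ", 2)
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S.%f%z")
        proc, _, msg = rest.partition(":")
        entries.append((ts, proc.strip(), msg.strip()))
    return sorted(entries, key=lambda e: e[0])


def find_gaps(entries, max_gap=timedelta(hours=2)):
    """Return (start, end, duration) for every silent window longer than max_gap."""
    gaps = []
    for prev, cur in zip(entries, entries[1:]):
        delta = cur[0] - prev[0]
        if delta > max_gap:
            gaps.append((prev[0], cur[0], delta))
    return gaps


def missing_processes(entries, expected):
    """Expected log sources that never appear in the parsed window."""
    seen = {proc for _, proc, _ in entries}
    return sorted(set(expected) - seen)


def audit(text, expected=EXPECTED_PROCESSES, max_gap=timedelta(hours=2)):
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "gaps": find_gaps(entries, max_gap),
        "missing_processes": missing_processes(entries, expected),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print(f"{result['entries']} entries parsed")
    for start, end, delta in result["gaps"]:
        print(f"silent window: {start} -> {end} ({delta})")
    print("never logged:", result["missing_processes"])
```

A gap is a lead, not proof: a device that was powered off or asleep produces the same silence, so each window has to be correlated with power and lock events before it is treated as evidence of log deletion. Conversely, a missing crash reporter when the analysed period contains known crashes is the stronger signal.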