Pegasus Spyware: so dangerous that it should be banned? OTW explains...

Pegasus blows that out of the water, right? Because Pegasus was specifically for iOS, right? Hacking Team was a big deal until they got hacked in 2015. So a zero day is a brand new exploit that hasn't been seen yet. They have your whole life, they have all your contacts, all your messages, turn on your camera, your mic, and listen in to what you're doing.

Big shout out to Brilliant for sponsoring this video. If you want to learn math, or maths, and computer science, there's no better place to learn than from Brilliant. Many topics, including statistics and probability. If you're interested in learning about artificial intelligence, AI, you need to have an understanding of maths, or math if you like, and an understanding of statistics and probability. Fantastic place to learn this kind of information. Now coming to my favorite part of Brilliant: computer science. They teach you how to think in code, they teach computer science fundamentals, algorithms and data structures, they teach you Python programming and, my all-time favorite, introduction to neural networks. So if you want an easy, intuitive, interactive way to learn (very important that it's interactive, you're involved in your training and studies here), have a look at Brilliant. They are not only sponsoring my channel (really want to thank them for doing that, it allows me to create a whole bunch of free content to make available to you), but they're also offering a 30-day free trial with 20% discount if you use my link below, brilliant.org/DavidBombal. Please check them out at brilliantraining from brilliant.org. Really want to thank them for sponsoring this video and supporting my channel.

Hey everyone, it's David Bombal, back with Occupy the Web. Occupy the Web, welcome.

Thanks, David. It's always good to be back on your YouTube channel. I think you are doing a great job. I think you have the best YouTube channel for information security, cyber security, of anybody that I have seen on YouTube, so I'm always happy to return.

I really appreciate you saying that,
thanks so much. And just for everyone who hasn't seen our previous videos, I've put links below. There's a whole big playlist where Occupy the Web goes through Mr. Robot hacks, so have a look at those. He's also the author of these books. If you've seen our other videos, I've mentioned them a few times, but perhaps you haven't seen these books before. He's got Linux Basics for Hackers, very, very popular book on Amazon. I think it's like number one or something often, is that right?

It's been number one for five years running. We're really happy, No Starch Press is very happy with it. I think a lot of people find it a really good book to get started into cyber security, because it tries to be very simple, easy to understand: Linux applied to cyber security and hacking.

What I really love about your books, and I'll say a few things now. Firstly, here's Network Basics for Hackers, as well as Getting Started Becoming a Master Hacker. What I really love about what you do, and I always say this, is this is a unique skill that I don't see in a lot of people: you are very, very technical, but you have this ability to explain things simply. And I think we've had a discussion in the past about, you know, everyone, well, some people want me to do like these crazy hacks, or you to do these crazy hacks, on YouTube videos, but the problem with that is the audience is small, and you have this ability to, you know, bring the complexity down so that everyone else can understand it.

Thanks, David. That's what I try for, that's my goal, is to make the complex simple, because in reality all of these things (and we're talking about cyber security, we're talking about IT, we're talking about networking) really, they're pretty simple things, and people try to make them much more complex than they really are. And you break it down into its component parts, it's all pretty simple stuff.

There's a saying, I can remember, I think it was Einstein that said it: you know if someone
understands something well if they can explain it simply. So people who don't quite understand it use complicated terms, but someone who can explain it simply actually understands what they're talking about. And that gets us to what we're talking about today. I'm really excited about this, actually. Pegasus is something that a lot of people have asked for, but I believe you've got a course coming up where you talk about Android hacking, or demonstrate Android hacking, and you've actually got the software, right?

Right, we have the Android hacking class coming up in October, and we have the Android version of Pegasus that we'll be using in that class, among others, you know, malware that applies to Android hackers. So Pegasus is a real special case because it's been so widely used by governments around the world, despite bye. And so, you know, when we talk about Pegasus we have to think about it in more than simply cyber security terms, because it's being used, it's being abused, by governments around the world. It's been developed by the NSO Group out of Israel. It's been sold to tens of governments, many of which have terrible human rights records. It's been used to spy on human rights activists, journalists, what have you. And initially its reason for being was to be able to spy on terrorists and other lawbreakers, but it's being abused by spying on a lot of people. And it might sound strange coming from a hacker, but it's something that we, as a global community, have to address: what is legitimate and what's not. And this particular piece of malware, that is capable of spying on anybody, anytime, is running wild and disrupting a lot of people's lives, and actually taking some people's lives. So it's something that I think that the viewers need to be aware of, and we'll talk more about some of the technical aspects of it, but you need to be aware first of all that it's being used and abused.
And so those of you who, you know, may not be in the good graces of your government, it's something that you really need to be aware of: that at any point in time they can go ahead and infect your phone, and you don't know about it, and they can pull all of your messages, all of your emails, they can turn your camera on, they can turn your mic on, and you have no idea that this is taking place. So that's kind of why I wanted to do this, and because it's kind of the state of the art of mobile device hacking right now, and it's in the news because it's been abused so much. So I got a few slides I kind of wanted to show, to talk a little bit about it from a technical aspect. Don't want to get too technical, you know, we can get bogged down in the weeds here, but I want to talk a little bit about what's going on here with this particular piece of malware.

It's interesting, I just read that, is it Armenia? They've just, like, at the time of this recording, happened yesterday, that they found it in like a war zone. So it's like you said, it's getting used all over the place, and it's going on people who, civilians. So it's, like you say, getting abused a lot, it seems.

Yeah, it's being abused in many countries: Armenia, as you mentioned, and a number of other places. You know, it's been used in Azerbaijan, Bahrain, Saudi Arabia, Mexico, you know, you can just keep on going on with the list. It was first used in Mexico, and it was brought in by the government in Mexico to try to spy on the drug cartels, and eventually it got into the hands of the drug cartels, and the drug cartels began to use it against other people, journalists, what have you. It's been used in Mexico (I'm just picking on Mexico here), but in Mexico it was actually used to spy on political opponents. The current president of Mexico, López Obrador, his family and his people were spied on by the opposition, okay, when he was running for office in 2018, using Pegasus. So, and you know,
there's the Khashoggi case in Saudi Arabia, where it was used to spy on Jamal Khashoggi, and eventually it ended up leading to his death and dismemberment in Turkey. A number of journalists and human rights activists who've been spied on by it, and some have lost their lives. So this goes beyond cyber security, this goes into privacy rights and human rights, and as a global community I think it's something that we need to talk about and address. And so from here what we want to do is to talk a little bit about what it does, how it works. I think as a global community we have to think about how do we address this, is this legitimate. And people may not be aware, but there is an industry of people who produce malware, zero day malware, that is sold to governments, all right, and there's a number of these companies out there. This is legal hacking, all right, as long as you only sell it to the government. As long as it's sold to the government it's legal, of course, because they make the rules, they make the laws, so it's legal, and they can use it any way that they want.

So if you allow me, I'd like to share my screen. Okay, I just put together a few slides to discuss Pegasus. Pegasus, developed by the NSO Group. Once it infects a phone it can, you know, extract SMS messages, other messaging apps, give geolocation, record video, record audio, pull the contacts out of your phone. And, you know, this is really pernicious in that once it's on somebody's phone it can pull all of the contacts out of their phone and find all the people that they're talking to or messaging, and that can be really dangerous, especially if you're not in the good graces of your government, like, you know, some of the more oppressive governments around the world. It comes in through a variety of actions: through the browser, through SMS messages. The first thing that people may not be aware of (maybe, hopefully, you are) is that there are these companies around the world who develop zero days,
right, and it's legal and legitimate, and they've been doing it. It's an industry that's been around for a while, and what they do is they simply try to find vulnerabilities in phones and browsers and operating systems and applications, and then they sell them. VUPEN has been around for quite a while, they're out of France. NSO, the one we're talking about today, who's in Israel. Hacking Team was a big deal until they got hacked in 2015. VUPEN has opened up a service called Zerodium, where it's kind of like a bug bounty program: they're buying zero days that they'll resell, so they're kind of like a broker of zero days. And then there's the Equation Group in the U.S. that developed EternalBlue, and probably developed Stuxnet as well, the big SCADA attack against Iran in 2010. So these are some of the big players. There's many, many players in this field. In many cases they'll sell zero days for millions of dollars to governments, all right.

Sorry, some of the audience might not know, so zero day means, like, it's a vulnerability that the developers don't know about, right?

Yeah, a zero day means that it's never been seen. So when it comes out it's never been seen, so therefore it's largely undetectable by any of our security devices. So for instance anti-virus: basically anti-viruses evolve, but in the very beginning what it was is simply a set of signatures of malware. So it had signatures of malware and it could only detect what it knew about. So if it's never seen a malware, it doesn't have a signature and therefore can't detect it. You know, in recent years AV's got a little more sophisticated and can detect behavior, what looks like malicious behavior. So a zero day is a brand new exploit that hasn't been seen yet, and as such it hasn't been patched and there aren't any ways of detecting it, right.

So without getting into a lot of detail, here's the original Pegasus, all right. So stage one was a delivery in a WebKit vulnerability. It exploited CVE 2016, so it
gives you an idea what time frame we're talking about here, all right. It comes down through an initial URL. So what it does is that it comes down through a web server: the person clicks on a link. Now probably all of you have gotten a malicious link. I get them every day, maybe it's just me, but I get moments, sorry. Yeah, so you get these text messages, right, SMS messages, and, you know, I can look at my phone right now and probably see a bunch of them, but there's always some offering: it's either, you know, you've won something, you know, the typical spam phishing, but now they're SMS messages. And so this is where Pegasus began, okay, as a single click, and if you clicked on that message you then had malware downloaded to your phone, and it exploited a vulnerability in WebKit in the Safari browser on the iPhone, all right.

The next stage, of course, was to jailbreak it. The stage was downloaded from the first stage code based upon the device. It's downloaded as an obfuscated and encrypted package. So what it's doing is that, to get past any type of security device such as AV, it's obfuscated, which means that the code has been changed in a way that makes it more difficult to recognize what it actually is, and of course then it's encrypted. So obfuscated means hard to see, hard to detect, okay. Each package is encrypted with unique keys at each download, making traditional network-based controls ineffective. It contains code that's needed to exploit the iOS kernel, right. So one of the things that this needs to do is it has to find the kernel within memory, so that's what's happening at this stage: you have to find the kernel within the memory to be able to run this exploit.

And then in the final stage it contains espionage software, daemons and other processes that are used after the device has been jailbroken. And then once that espionage software is put on the phone, they're basically,
what they're doing here is that they're placing a process, they're embedding a process that can intercept text messages, your email messages, before they leave the phone, and then they send those out back through a chain of command and control servers that are based around the world, all right. So they're sending out your text messages, and it's not necessarily a continuous process: the controller can request the messages periodically, right. The other kind of pernicious thing about this software is that it can be removed remotely, so that if they believe that the user has detected Pegasus they can just push a button and basically remove it from the machine, from the phone. And so it's really, really hard for people to be able to detect it or to even get copies of it, because as soon as it's detected, or anything that's indicated that it's being detected, or if it's on the wrong kind of device, it automatically deletes itself.

So this is the original. This was a single click, so it required that the user clicked on an SMS message to be able to exploit it. In many cases they were not able to get the target to click on the link, and so that raised problems for them. You know, you and I probably never click on those links that are sent to us from people we don't know. And this is the risk: that if you go ahead and you click (and it's not just Pegasus, because there's a lot of software out there, a lot of malware, that if you click on it they can download malware to your phone), then you've lost control and privacy of your phone. And our phone has become, you know, a reservoir for our entire life. So if somebody controls your phone they have your whole life: they have all your contacts, all your messages, they can turn on your camera, your mic, and listen in to what you're doing. And this is what governments have been doing and using this for, and sometimes against people who, you know, they probably should not be using. Yes, it has been used to stop some terrorist attacks, yes, it has
been done for law enforcement, but it's been abused as well, against opponents of a government, of human rights activists, of journalists. There's been a number of journalists who've been killed as a result of the information that has been extracted from their phones by their governments, including Khashoggi, who was a journalist in the United States. He was a Saudi citizen living in the United States, writing for the Washington Post, who was then killed in Turkey and dismembered in Turkey.

In some cases they couldn't get the user to click on a link, so what they did next is something that I've talked about earlier, and that is using a femtocell. We talked a little bit about this in terms of Mr. Robot, so this is kind of real world now. Mr. Robot's an interesting TV show, you know, and so, but one of the...

I'll link that video below. Sorry, go on.

Right, so the femtocell, if you're not familiar with it, is simply a local mobile cell tower, right. So they are legal, and they're legal because some people are so distant from a cell tower they don't have good reception. So the companies (in this case it's Verizon, this is the largest carrier in the United States) sell these, okay, to help people who don't have good access to a cell tower. And it collects essentially the cell signal, it becomes a local, near, proximate cell tower, okay, usually within a home or an office, and then puts the cell signal through the internet, all right, into the cell network. And so this is what they were using in some countries to be able to put Pegasus malware onto the people's phones when they couldn't get them to click. They then would be able to get them to connect to a femtocell, or (okay, and we have a class on building a femtocell coming up in September, I think, so keeping that in mind) or a Stingray. Okay, this is a Stingray, and these are also legal, but only legal in the hands of law enforcement. So this is what many countries around the world use to spy on their citizens.
What it is, is it's a mobile (yeah, mobile) cell tower, so they can put it in a van, in a truck, what have you, and move it any place. And then once again your cell phone will connect to the closest cell tower to your phone, so that if there's a van parked in your neighborhood your phone will connect to that cell tower, in which case then the person who owns that cell tower can see all of your network traffic as well as put things into your network traffic. So in the case of Pegasus they use either a femtocell or a Stingray to be able to put malware into the target's phone when they couldn't get them to click on the link. And you can see, this is one of the commercial, and there's a price list down below here, you can see what they cost. You know, this one's 157,000, but supposedly you can only buy it if you're law enforcement or government. But these are widely used by governments to be able to spy on their citizens, used by law enforcement to be able to pick up traffic. In the United States supposedly you need a search warrant to be able to use one against a target, all right.

So these have been used when they couldn't get people to click on a link, all right. So the point I'm trying to make here is that even if you don't click on the link you could still be at risk of being infected with Pegasus. This is still a one-click exploit, all right, but if they can connect to your cell phone with either a femtocell or a Stingray, once the traffic is going through their device they can go ahead and send back to your phone the malware, okay. So in essence it's zero click, but it requires that they actually know where you are and get in physical (that's right) proximity to you, and it's a little bit more expensive for them, more work for them.

Now in 2020 and 2021 they developed a zero click exploit, all right, and this one was probably most troublesome, right, in that it required no interaction by
the end user. It sent what looked like a GIF image, okay, to the user's phone, to iMessage, and basically it crashed this particular function right here, the JBIG2 stream, all right, and then installed the malware in that way. And so this is the one that has probably caused the most problems in recent years, is that this is a zero click. You have no idea that it has been installed on your phone, and there's no indication that it's on the phone. Somebody sent you a message, an iMessage, and now they've taken over your phone. These have all been developed by NSO Group. This is Pegasus, right, and I probably should say that Pegasus is not a piece of malware, it's multiple pieces of malware, and that NSO keeps on evolving it and keeps on changing to adapt to the environment. So they come up with an exploit, Apple then patches it; they come up with a new exploit, okay, Apple patches it; and so we're in this constant chess game of trying to keep this off our phones.

And so it really opens up, you know, some significant questions about privacy and human rights in the world. I'm not sure how everybody, if you want to address those kinds of issues, but this is something that is important, thinking about hacking and malware, and that, you know, malware and hacking sometimes, well, for instance ransomware was a financial issue, all right. Now this is where we're getting into privacy issues, right, and this can be very pernicious, and it can make us all a little paranoid, and in essence it can also make us concerned enough that we maybe don't talk in our messages on the phone in ways that we would if we felt that our messages were private. So we end up being paranoid and maybe a little bit self-censoring of what we do on our phones because of the presence. So this has a dramatic effect upon society at large, and not just, you know, a loss of some financial resources, okay.

By the way, iOS, well, people may have believed, was, often
people thought that it's more secure than Android. Pegasus blows that out of the water, right? Because Pegasus was specifically for iOS, right?

Well, I would say that iOS is still more secure than Android, but this piece of malware was designed just initially for iOS and then was ported over to Android. Android has a lot of vulnerabilities. A lot of people who are concerned about privacy, you know, people who are in the human rights field, people who are in journalism, usually are using an iPhone because they feel like it's more secure, but Pegasus is targeted just to those type of people, right. There's lots of other malware that governments can use and hackers can use for the Android operating system, which, by the way, Android is over like 80 percent of the global market for operating systems on phones. I hear people say, well, you know, the world's 50% Apple and 50% Android. No, it's 82% Android and 18% iOS and other things, right. So getting inside of an Android phone is a little bit easier than getting inside of an Apple phone, and that's why NSO can sell these. NSO sells, it makes hundreds of millions of dollars selling this, all right. They charge about 25,000 dollars per target, all right. So if a government wants to buy, you know, a thousand licenses, right, it's going to cost them, what is that, you know, 200, uh, 25 million dollars, right. So, and governments are willing to pay it, they do.

Yeah.

And so this has caused a lot of problems around the world, and it continues to cause a lot of problems around the world, and it's something that, you know, your viewership needs to be aware of, and everybody who has a phone should be aware that this is something that's out there and it's being exploited daily on our phones, I think.

So the question is always, what can we do, like a normal person? Well, just keep it up to date. I know Apple released Lockdown Mode, which is something that's supposed to,
supposedly, stop this kind of thing, but like you say they keep developing new exploits, right?

Well, as far as what we can do, first of all, you know, never click on a link from anybody you don't know, okay. And sometimes that's hard to do, because one of the ways to get people to click on links is to take over somebody else's phone, okay, and send out links from their phone, in their contact list, so it looks like it's coming from somebody you know, all right. And that's what happened to a number of these journalists, is that they were sent out, you know, from somebody's phone who got compromised, and then they sent out more of the links, SMS messages, text messages, to other people, and all of their friends got infected and all their contacts got infected as well. So the first thing to do is probably to not click on any links in SMS in general, that's probably the best thing you can do. But that doesn't solve the problem of the zero click exploits that are out there. And I think a couple things we can do: one, we have to be more demanding of our developers, and in this case it's Apple and Google, to be more responsible to develop safe and secure software, right. If the software that they developed was secure this wouldn't be possible. Now it's pretty hard to put out software that has no vulnerabilities in it, but, you know, these are both very, very large corporations with billions of dollars, and I think we need to demand that of them, that they make their operating systems and their applications, because, you know, this isn't just the operating system, this is kind of a linked exploit between the application and the operating system. In this case here, this zero day that was a zero click was a flaw in the way that it handled, actually, it sends it out as a GIF but it's really a JPEG 2 image, and then it gets processed by this particular function here, and it overflows, it causes it to
crash, installs its own software in its place, and the game's over at that point.

I think the cynic in me, and other people might say the same thing, it's, governments are not enforcing it because they want this. You know, that's just a cynical take on it.

Yeah, I think that that's true, although the US government has banned NSO products now, okay. But, you know, that may be just that, you know, they may still be using it internally, but externally what they're saying is that they have a ban on NSO products. And then, you know, we have a lot...

He says they're just, they're getting the NSA version, sorry.

Yeah, exactly, yeah, the NSO version is not. So they're getting the same thing from somebody else, whether it be VUPEN or Hacking Team or what have you. So yeah, they've banned NSO products. Interesting about NSO is that whenever NSO sells any software to a government they have to have the Israeli Department of Defense approval. So when they're selling it to these governments and they're abusing it, there is a certain level of responsibility that goes back to the Israeli Department of Defense, because they're approving the sale. If you're approving the sale to a country that has, you know, a terrible human rights record, you know, it was abusing it, and you're not doing anything about it, then there's a certain amount of responsibility here. For instance in Morocco, where it's been used, you know, against anybody who's opposed to the king in Morocco, and it has ended up with many people in prison and being murdered by the king in Morocco. And a number of other places as well (just picking on Morocco), but, you know, it's been used in Jordan, Kazakhstan, Iraq, Hungary, India, I mean, just make a list. And even in France, I mean, in France it was used against Macron: the president of France, his phone was hacked with Pegasus, and so somebody was listening in, and it's suspected that it was the Moroccan authorities who were
listening in on Macron's conversations. And so what are these players, you know, the governments of the world, going to do? I mean, if it's being used against your government, for instance in Mexico it was used against López Obrador, yet it's still actively being used by the Mexican government, as best as we can tell. And the early versions, the version that had the one click, found its way into the hands of the drug cartels, all right, and they were using it against their opponents, including the government, and including journalists who might have something negative to say about them. So it's problematic, and something that, you know, as a global community we have to start thinking about: how do we handle this? This is a new world that we're talking about here. How do we handle this? Do we just allow this to take place? Are there no limits on this when you're talking about intrusion upon privacy? This raises all new issues for all of us. I mean, we've had malware and viruses around for 30, 40, 50 years, right, I guess the first ones were 1980s or thereabouts, but now we're talking about a loss of privacy, and I think privacy (people may disagree with me) is a basic human right, and this puts that human right at risk, right. So I think it raises all new issues that we need to address.

Yeah, I mean, it's complicated. I wanted to ask you some other questions, like, if you get hold of the software, do you need the command and control infrastructure, or, like, the cartels were able to just do their own thing, like use the software for their own purposes without, you know, getting permission and whatnot?

The circumstances in Mexico are unique, let's put it that way, and you do need the command and control infrastructure, which, by the way, we have a class coming up in August on command and control infrastructure, so those people are interested in that. So when you're going ahead and you're spying on somebody, or you're
trying to extract revenues from them, you need to have some way of exfiltrating the data off their phone or other devices. That requires a command and control infrastructure, and in this case Pegasus has a very complex command and control infrastructure that's very hard to detect, and all the transmissions are done encrypted, making it more difficult to actually see and detect them. And in addition, if they feel that the target or law enforcement in that community has detected them, they can immediately delete the software. That's why it's become really, really hard to get samples of this software, because NSO deletes it, okay, as soon as they detect any kind, like for instance if you go in and you start trying to detect the processes. And there's a number of processes. One of the interesting things about the software, and it's something that I teach my students too, is that if you're going to create a malicious process, make it a process that runs in the background, a daemon, right, it's a process that runs in the background constantly, and give it a name that looks almost identical to a native process on that particular device, right. And it makes it really, really hard for the forensic analysts or, you know, whoever is doing the incident response to detect it. And that's what they did here: almost all of the processes that are running on the iPhone have names that are almost identical to the names of native processes on those devices, making it really, really hard for anybody to be able to find them. Even for people who have a lot of experience it's hard to detect them. And I have to give, you know, a little bit of credit to the NSO people, I mean, they're a very talented group of developers, right. They spend days, weeks, months, years developing these. So that kind of raises an issue that you and I have talked about in the past, and that is that, you know, hacking can be a very time consuming and tedious process. When you start talking about zero days, a company like NSO or
the Equation Group or Vupen or Hacking Team, they can have really good developers working months and years to develop a zero day, and then of course they can sell it for millions of dollars, but they invest a lot of time in it. So yes, you can take over systems in 30 seconds or less like in the TikTok videos, but those are only insecure systems, right? Those are insecure systems. Are you talking about secure systems? You know, it becomes a lot more complex. And so my message to students and to viewers is that don't get frustrated and don't expect that everything, you can exploit everything in 30 seconds or less. You can exploit insecure systems in 30 seconds or less, but that's not going to necessarily apply to a secure system, right, like a new iPhone, right? That could take you years to develop a zero day, and a lot of knowledge and skill and resources to do that. And these companies like NSO do that, and the NSA in the United States and the Equation Group in the U.S. and a number of other companies and entities around the world are doing it. But most of the time when you see a big hack, it often has an element of social engineering involved in the successful ones. Even here, we were talking about the Pegasus, it required some social engineering. So we go back and we look at the one click, right? These were, these were social engineering attacks. There was somebody sending a message who knew something about the person that would get them to click on a link, right? So even when we're talking about the most sophisticated hacking in the world, it still has an element of social engineering, and that's why I always tell my people is that you should not overlook social engineering. If NSO Group has to have an element of social engineering, then you probably do too, or for that matter, whether it be, you know, the Russian FSB, GRU, I mean, they all use social engineering. So don't feel like that's a, that's a lower level of hacking, because even the most sophisticated hackers in the world use elements of social
engineering to get what they need. Now, it's a lot easier to hack a system when you can entice the user into an action. If you can entice the user into an action, social engineering, it's a lot easier to take over whatever device it is, and that's the case here with the NSO Group's Pegasus. It applies to, you know, if you look at all of the major hacks, and that's one of the reasons why, you know, I emphasize the history of hacking in my book Getting Started Becoming a Master Hacker, because almost all of the major hacks, if you look at all the big ones, there's a social engineering aspect of it, right? And so we're talking about the major hacks in history, very few of them did not have a social engineering element. Even, you know, Stuxnet had to find a way into that facility, because it was basically an air gap facility. It required some social engineering to get probably the most sophisticated piece of malware ever developed into that uranium enrichment facility. Here, Pegasus, initial Pegasus, required at least the user click on a link. The more recent ones have zero click. Uh, EternalBlue is a good example of a zero-click exploit. So EternalBlue, for those who aren't familiar with it, is an exploit that was developed by the Equation Group for the NSA, and basically it exploited SMB, or Server Message Block protocol, and it's on almost every machine, every Windows machine, on every Linux machine as well, an implementation of it is, and it exploited SMB to basically take over the system, and it required no interaction by the user. This is rare, this is very rare now. In the 90s it wasn't rare, or in the early years of the 21st century, but in a more secure world that we're working in in 2023, it's very, very rare that you can develop a piece of malware that has, that requires no user interaction, and if you are, you know, you're going to spend many, many person-hours and years being able to develop it. Uh, there are some pieces of the, uh, the early versions of the iOS Pegasus out there and available for analysis.
The class that we're doing in October is on Android, so we'll be looking at a number of pieces of Android malware, including the Pegasus version of Android, and the Android version goes by a slightly different name, but yeah, they're calling it Chrysaor, which is the twin brother of Pegasus. There's been a lot less research done on the Android version of Pegasus, and so it might be a lot more prevalent than we know. Most of the research that has been done is on the iPhone version of Pegasus, because it was originally discovered in the phone of a human rights activist in Bahrain, I think in 2016, and so Amnesty International has focused a lot of their research on the iOS version of Pegasus, and there's been a lot less research that's been done on the Android version, so it might be all over the place and we just don't know.

So, Occupy the Web, obviously because this is YouTube, we have to be really careful what we show. Thanks so much for showing a slide of the, of the actual part of the code that was a problem. You said that you've got a class coming up in October, right, where you're going to look at the Android version, and you've actually got the software and you'll go through that, right?

Yes, we have the Android version of Pegasus, known as Chrysaor, but I always say simply the Android version of Pegasus, and we'll be analyzing it as well as other Android malware, and we're just focusing in this class on Android.

That's great. I mean, so I know people who are watching are going to want to, like, see the code, um, but yeah, this is YouTube, so we've got to be really careful. So if you really want to, you know, see it actually working, um, and have Occupy the Web explain it to you and show you other malware, then sign up, please, for the class; I'll put links below. Occupy the Web, I really want to thank you for sharing your knowledge. I always say this, I mean, like I said in the beginning, your books are amazing, you have an amazing ability to explain complex stuff simply, and I thank you, so,
you know, thanks so much for coming on YouTube and, you know, just sharing the knowledge. We've done a lot of videos together and I appreciate you doing that and look forward to the next ones.

Thanks, David. I always enjoy being on your show, and I'm looking forward to doing a little more technical one on the EternalBlue exploit in the near future.

Yeah, just so, for everyone who's watching, the idea there is you're going to do a demo, right, with Windows 10 or something and show us how it actually works?

Right, it was originally developed for Windows 7, but it's been reported for Windows 8 and Windows 10, and it works against those versions under certain circumstances. Like, you know, like everything, there has to be certain circumstances, and it's actually an overwrite of two buffers between SMB1 and SMB2, so in the cases where a machine has both of those versions on it, it will work.

So that's great. So for everyone who's watching, please put in the comments below other topics that you want us to cover. If there's anything that you think will be great, put in the comments below. I read a lot of the comments, and Occupy the Web and I discuss those and see what would be interesting to cover. Okay, by the way, thanks.

Thanks, David. See you again soon.
Info
Channel: David Bombal
Views: 130,881
Keywords: pegasus, spyware, malware, iphone, android, pegasus spyware, hack, hacker, hacking, infosec, information security, wifi, linux, tails, privacy, cyber security, ethical hacking, online privacy, kali, kali linux
Id: Fsh5JcK5F4k
Length: 47min 43sec (2863 seconds)
Published: Sun Jun 18 2023