As a newbie in the cyber security field, this video was super good at explaining what this vulnerability is and how it was exploited by this malware. Gained a new subscriber 🤙🏽
@cybercdh 3 years ago
welcome :)
@ReversingHub 3 years ago
Awesome analysis! Thanks for posting this! One small note: the strings app for macOS finds ASCII; that's why I believe it didn't work for that sample. Thanks again!
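The commenter's point about `strings` only reporting ASCII runs is a common triage pitfall: binaries that store configuration or URLs as UTF-16LE ("wide") text put a 0x00 byte after every character, which breaks the printable run that `strings` looks for. The script below is an added example, not code from the video or from the commenter, and the `SAMPLE` bytes are constructed for illustration rather than taken from any real malware. It runs the ASCII pass and a UTF-16LE pass side by side so you can see which strings each one recovers.

```python
import re

# Constructed sample bytes, not taken from any real malware sample: a header-like
# prefix, an ASCII string, a UTF-16LE ("wide") string, and some non-printable noise.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"https://example.invalid/c2"            # plain ASCII; classic strings finds this
    + b"\x00\x00"
    + "wide-config-key".encode("utf-16-le")    # wide string; classic strings misses this
    + b"\xff\xfe\x00"
    + b"ab"                                    # below the minimum length, not reported
)


def ascii_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable ASCII of at least min_len bytes (what `strings` reports by default)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def utf16le_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable ASCII code points encoded as UTF-16LE (each char followed by 0x00)."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.decode("utf-16-le") for m in re.findall(pattern, data)]


def all_strings(data: bytes, min_len: int = 4) -> list[tuple[str, str]]:
    """Both encodings, tagged with the pass that found them, for use in a triage script."""
    found = [("ascii", s) for s in ascii_strings(data, min_len)]
    found += [("utf-16le", s) for s in utf16le_strings(data, min_len)]
    return found


if __name__ == "__main__":
    # Run against a real file with: all_strings(open(path, "rb").read())
    for enc, s in all_strings(SAMPLE):
        print(f"{enc:9} {s}")
```

On the constructed sample the ASCII pass reports only the URL, and the UTF-16LE pass is what surfaces `wide-config-key`; on a real sample, running both passes (or `strings -e l` on GNU binutils, which macOS's BSD `strings` lacks) is the cheap way to avoid missing wide-string indicators.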
@thehen101 3 years ago
Nice video, good catch with the domain. OA Labs did a similar thing with a ~20 year old sample and he had hundreds of computers phoning home if I recall correctly. It would also be very interesting to see if you could get your hands on the code that was doing those requests you were talking about right at the start. (Had to rephrase this comment; YouTube silently removed it the first time around, they are autocensoring comments with keywords in them.)
@cybercdh 3 years ago
OALabs rock for sure :)
@produKtNZ 3 years ago
Are you in any way able to advise what filterlist for Pi-hole you would use for additional protection from these threats?
@snowdoxsecurity8486 3 years ago
Excellent video as usual, bro... Thank you for doing this 😊 🔥
@cmdsecure 3 years ago
Excellent walkthrough as usual Colin. Particularly in the threat intel side, really interesting.
@Kattakam 3 years ago
Amen brother, spot on about the lack of response. Just have to play the long game and hope for the best since there’s no possible way to completely re-engineer unless you’re the one writing the code. Educating institutions and users isn’t going to be as impactful as a critical mass event, which is, in this case what must happen to make the scale of change needed.
@DiendaMadick 9 months ago
If I was to see an app called Pegasus in my iOS crash analytics, is that the same software/spyware? I got the phone from a pawn shop and eventually just ditched it, but can it show up in crash logs? No idea whose phone it was before me. This was about a year ago.
@DarkLord-mp8fu 3 years ago
Amazing work! Loved it.
@kcthewanderer 3 years ago
I've never used Patreon. That's about to change. These videos are excellent!
@cybercdh 3 years ago
Amazing - much appreciated!!
@lahcenedaif7953 3 years ago
Thank you for this high quality content, keep it up 👏👏👏
@J4vv4D 3 years ago
Brilliant job! Thanks for sharing
@TheAdeelkhaliq 3 years ago
Great work! Loved your dedication
@adelettouati4820 3 years ago
Great work! Thanks for sharing, waiting for more, Colin.
@codinguy 3 years ago
Great video, excellent and really interesting work, love it 😍
@PrinterJamOnToast 3 years ago
Hi Colin - I'm currently going through the "Practical Malware Analysis" book, and was wondering if you think I should learn C before I learn Assembly, or vice versa?
@cybercdh 3 years ago
There's no right path tbh; personally, I knew more about C before I tackled an intro to x86. I found it made more sense having learned some basic principles with C. But YMMV.
@PrinterJamOnToast 3 years ago
@@cybercdh Thanks! I have started going through a beginner's book on C. I will do a deep dive on x86 after I finish it, and then will continue learning at least how to read other languages (VBA, JavaScript, etc.) by going through source code. I am trying to avoid doing practical coding exercises because I think that an understanding of the syntax plus using Google will be enough to understand what a piece of malware is trying to achieve. Would you agree with this?
@cybercdh 3 years ago
@@PrinterJamOnToast I think it's a great pathway that will definitely help you explore the world of malware. Consider writing a blog or tweeting about your progress; no doubt others will benefit from your journey.
@PrinterJamOnToast 3 years ago
@@cybercdh Many thanks 🙏
@andrewh619 3 years ago
I mean honestly, how do I get your knowledge...
@cybercdh 3 years ago
There’s a LOT I don’t know.
@sbakor8043 3 years ago
Why do you think they would send a text with a domain they haven't registered? Is it just because they don't need the user to click anything and they just put something random there?
@cybercdh 3 years ago
They previously owned the domain, but let it expire.
@strudders2112 3 years ago
Great video as usual. Thanks.
@johnsnow228 2 years ago
Anyone know a documentary on Pegasus I can watch? Can't find any that are on. I just see 2 min trailers from Forbidden Stories.
@cybercdh 2 years ago
Not one to watch, but highly recommend episode 99 and 100 of Darknet Diaries podcast. Episode 99 for me was unreal.
@sumo-ninja 2 years ago
So, as someone as interested in a subject as you are, to the point of making videos about it, I'm pretty surprised that you've missed the point with the Pegasus samples. Pegasus basically is referring to whatever zero days they're using at the time of the conversation, because the whole remote compromise without user interaction is the only unique thing the malware needs. After that you can use anything you want to compromise the phone and persist; you can literally just use some of the built-in features to have the texts and phone calls intercepted and blah blah blah once you install that malware dropper, using hide-the-icon, and you can do that one of several ways. But again, it could be the most basic dumb malware in the world if you wanted it to be after you compromise the phone; it's the compromise that's important.
@rudielvaston9399 1 year ago
Great info, mate!
@davidhardy6881 3 years ago
Very interesting indeed
@allurbase 1 year ago
Great content, thank you!
@bbazzahh 3 years ago
Great video, mate.
@MauroScomparin 3 years ago
Always interesting!
@overlaw66 3 years ago
More videos like this please :-)
@TechNobo 3 years ago
Very interesting
@firosiam7786 3 years ago
Could you please do a video on malware analysis using Ghidra, for beginners to understand how malware analysis works?
@1982masood 3 years ago
It takes balls to cover such a topic... (you know why I relate, I'm from India, heheheh)
@kantnklaar 3 years ago
Right on
@1982masood 3 years ago
Awesome awesome
@watap154 3 years ago
Yeah
@Southized 3 years ago
I'm 100% sure I have this on my iPhone 8. I get random texts all the time, never clicked on one link, never anything. My phone will be on 100% at 6 am and by 10 o'clock it will be at 20% with barely any usage. The phone was brand new a year ago.