Discover how security researchers uncovered and analyzed a previously unknown NSO Group Pegasus persistence exploit from 2017 targeting iOS 10 devices in this conference talk from Recon 2025. Learn the detailed forensic methodology used to reverse-engineer a historically significant mobile spyware sample, including the creation of accurate iOS 10 emulation environments to match specific victim hardware configurations. Explore the technical analysis of three ROP/JOP chains identified through static analysis, understand the root cause of the underlying vulnerability, and examine how the exploit achieved persistent code execution after device boot. Gain insights into the silent mitigation strategies employed to address this vulnerability, and investigate the fascinating discovery of exploit code reuse across multiple threat actors, revealing potential connections in the exploit supply chain ecosystem. Follow the researchers' journey as they demonstrate advanced reverse engineering techniques, historical iOS system reconstruction, and the methodical approach required to fully understand sophisticated nation-state malware capabilities from nearly a decade ago.