Catching NSO Group's Pegasus Spyware

Explore the behind-the-scenes investigation of NSO Group's Pegasus spyware in this 45-minute conference talk. Gain insights into Amnesty International's Security Lab's multi-year tracking efforts and the development of innovative forensic tools to detect the supposedly "undetectable" Pegasus spyware on infected devices. Learn about the open-source Mobile Verification Toolkit (MVT) used to identify traces of Pegasus on activists' and journalists' devices worldwide. Discover the methodology behind the global investigation into Pegasus abuses, including real-world examples from Morocco. Understand how MVT's features, such as ID Status Cache, network log analysis, and timeline functionality, contribute to uncovering sophisticated mobile spyware threats. Examine the impact of publishing forensic methodologies and tools on subsequent case discoveries.

Intro
Pegasus Project Global investigation into abuses of NSO Group's Pegasus abuses.
Pegasus found in-the-wild
A wild Pegasus message appears
Pegasus in Morocco
Mobile Verification Toolkit (MVT)
MVT: ID Status Cache
MVT: Network logs - evidence of infection
MVT: Timeline feature
Cases found following our publication of forensic methodology and tools
Conclusion