Clipping Wings: Our Analysis of a Pegasus Spyware Sample
ID: 766acb0e-d20d-58b4-9672-5aff6a22e514
STIX ID: report--766acb0e-d20d-58b4-9672-5aff6a22e514
Feed Name: iVerify Blog
This post previews a Black Hat Asia 2024 briefing on an analysis of an iOS spyware exploit sample (linked to Pegasus/BLASTPASS) recovered from an iTunes backup; it highlights repeated homed and MessagesBlastDoorService crashes, IMTransferAgent activity delivering files named sample.pkpass, and a pkpass archive containing a large WebP image and a binary plist (NSKeyedArchiver) consistent with known BLASTPASS exploitation techniques.
