Skip to content

List of NSO Pegasus's C2C Servers where will be used to control Pegasus.

Notifications You must be signed in to change notification settings

0n1cOn3/The-NSO-Blacklist

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 

Repository files navigation

🔍 How to catch NSO Group’s Pegasus

Introduction

NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project,
a collaborative investigation that involves more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories with technical support of "Amnesty International’s Security Lab"*.

Why ?

However, on further analysis we* also noticed suspicious redirects and we can at least from the forensic work, use the information to prevent certain Domains and DNS's. it should make it harder for Pegasus, to communicate with the C&C's from the NSO Group.

Purpose ?

This is a list of domains and DNSs which has been collected from Amnesty International’s Security Lab.

🔗 You can check the huge writeup here:

https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

PiHole/Adguard Home

The list can be added to pihole and giving a little bit a protection not to get attacked nor getting any other packages from their respective servers.

Other Sources

🔗 https://github.com/Red-Laboratory/NSO-hosts

🔗 https://github.com/jjjxu/NSO_Pegasus_Blocklist

🔗 https://github.com/AmnestyTech/investigations