mirror of
https://github.com/PrivSec-dev/privsec.dev.git
synced 2025-08-05 21:04:15 -04:00
Minor updates
Signed-off-by: Raja Grewal <rg_public@proton.me>
parent 0e258dc9a2
commit 44c013d143
1 changed file with 4 additions and 3 deletions
@ -1,6 +1,6 @@
---
title: "Mobile Verification Toolkit for Android and iOS"
date: 2023-10-24
date: 2023-12-11
tags: ['Knowledge base', 'Privacy', 'Security', 'Android', 'iOS']
author: Raja Grewal
---
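Review bot: the frontmatter edit overwrites the only `date` value (2023-10-24 becomes 2023-12-11), so the article loses its original publication date in the rendered page and feed. If the site's Hugo theme supports it, keeping `date: 2023-10-24` and adding `lastmod: 2023-12-11` records the update without rewriting history. Minor, non-blocking.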
@ -9,7 +9,8 @@ One of the key principle components involved in maintaining both strong privacy
Building on this, both independent and mainstream media are constantly awash with stories regarding the frequent discoveries of sophisticated malware installed on users phones that have the ability totally compromise a device by giving external parties effectively root access. The most well-known of these variants of spyware target hitherto unknown zero-day exploits as thoroughly discussed by [Amnesty International Security Lab](https://www.amnesty.org/en/tech/) and [The Citizen Lab](https://citizenlab.ca/).
For example, there is very little any end-user can do to detect intrusions by the infamous Pegasus spyware made by the NSO Group, see [[1](https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/), [2](https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/), [3](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/), [4](https://forbiddenstories.org/case/the-pegasus-project/), [5](https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/) [6](https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/), [7](https://citizenlab.ca/2022/02/bahraini-activists-hacked-with-pegasus/), [8](https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/), [9](https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/), [10](https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/), [11](https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/), [12](https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/), [13](https://citizenlab.ca/2023/05/cr1-armenia-pegasus/), [14](https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/)]. 
A similar situation is exists with the Predator spyware marketed by the cyber intelligence consortium Intellexa Alliance (which includes its developer Cytrox), see [[15](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware), [16](https://blog.talosintelligence.com/mercenary-intellexa-predator/), [17](https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/), [18](https://blog.sekoia.io/active-lycantrox-infrastructure-illumination), [19](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/), [20](https://www.amnesty.org/en/documents/act10/7245/2023/en/), [21](https://citizenlab.ca/2023/10/predator-spyware-targets-us-eu-lawmakers-journalists/)]. Other high-profile recent examples of mercenary spyware vendors include [Candiru](https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/), an [undisclosed company](https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/), [QuaDream](https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/), a [mysterious source](https://securelist.com/trng-2023/), and [APT41](https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41).
For example, there is very little any end-user can do to detect intrusions by the infamous Pegasus spyware made by the NSO Group, see [[1](https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/), [2](https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/), [3](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/), [4](https://forbiddenstories.org/case/the-pegasus-project/), [5](https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/) [6](https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/), [7](https://citizenlab.ca/2022/02/bahraini-activists-hacked-with-pegasus/), [8](https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/), [9](https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/), [10](https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/), [11](https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/), [12](https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/), [13](https://citizenlab.ca/2023/05/cr1-armenia-pegasus/), [14](https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/), [15](https://www.accessnow.org/spyware-attack-in-serbia/https://www.accessnow.org/spyware-attack-in-serbia/
)]. A similar situation is exists with the Predator spyware marketed by the cyber intelligence consortium Intellexa Alliance (which includes its developer Cytrox), see [[16](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware), [17](https://blog.talosintelligence.com/mercenary-intellexa-predator/), [18](https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/), [19](https://blog.sekoia.io/active-lycantrox-infrastructure-illumination), [20](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/), [21](https://www.amnesty.org/en/documents/act10/7245/2023/en/), [22](https://citizenlab.ca/2023/10/predator-spyware-targets-us-eu-lawmakers-journalists/)]. Other high-profile recent examples of mercenary spyware vendors include [Candiru](https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/), an [undisclosed company](https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/), [QuaDream](https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/), a [mysterious source](https://securelist.com/trng-2023/), and Asian APT groups [[23](https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41), [24](https://securelist.com/modern-asia-apt-groups-ttp/111009/)].
It should also be recognised and stressed that being targeted by complex mercenary spyware is an expensive undertaking and so the overwhelming majority individuals are very unlikely to be affected. The confirmed targets involve politicians, activists, developers of AI-based guidance systems, lawyers, journalists, and whistleblowers. See The Citizen Lab's [publication list](https://citizenlab.ca/publications/) for more references.
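Review bot: the new reference [15] is broken: its URL is pasted twice and a line break sits inside the link parentheses, so the added text ends with `[15](https://www.accessnow.org/spyware-attack-in-serbia/https://www.accessnow.org/spyware-attack-in-serbia/` and the closing `)].` only arrives on the next line. Markdown will not render that as a link and the paragraph is split in two; it should read `[15](https://www.accessnow.org/spyware-attack-in-serbia/)].` on one line. While the citations are being renumbered (old 15 to 21 become 16 to 22, which is consistent), three pre-existing slips in the same lines are worth fixing in the same commit: "A similar situation is exists" should be "A similar situation exists", the comma is missing between `[5](...)` and `[6](...)`, and "the overwhelming majority individuals" in the context line needs "of".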
@ -74,5 +75,5 @@ The large flexibility of this format combined with ready-made tools like `mvt` h
While this certainly has the potential to cause excessively high amounts of false positives if benign indicators are selected, the feature is much appreciated.
TO BE PUBLISHED:
- Explain STIX 2.0 formatting for simple detection rules.
- Explain STIX 2.1 formatting for simple detection rules.
- Walkthrough example on how to perform a custom scan looking for all references to a particular domain on both Android and iOS/iPadOS.
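Review bot: the TODO bullet now says STIX 2.1 instead of 2.0, but nothing in the hunk records why; the surrounding section (the context line only says "this format" and `mvt`) gives the reader no version at all, so the bullet should state whether 2.1 is the version the `mvt` indicator files are written in or just the spec the planned write-up will follow, to keep the two consistent. Separately, a "TO BE PUBLISHED:" list shipping inside the live article reads as a draft note; an issue or a draft branch is the usual place to track the STIX explainer and the custom-scan walkthrough.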