[Blue_Hawk]

Hello, I would like to learn a way that you could develop a zero click exploit (An exploit which requires no client interaction), would anyone happen to know this?

[WishFoundation]

ask nso group

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: requested

[Blue_Hawk]

Forgot about this thread.
I found out what I was looking for was a 0day exploit.

[joepa]

Find a 0day in a product that is actively controlled by a user. Like a browser or messenger.

[Blue_Hawk]

Alright, thanks.

[CorpTax]

You can fuzz user supplied/client side input in the app or device you are targeting to see if you can cause crashes in any of them if so you start there to see if any of them can be controlled in a way that would allow you to get code where you've found your able to cause execution from.

[sugar]

like fuzzing api urls?

[notagh0st]

The best way to learn how zero-click exploits work is to find a zero-click exploit CVE, look at the highest version of the software that it affects, download that software, then download the lowest version of the software that has a patch in for the exploit. Then use something like BinDiff or Bin Diff + IDA Pro to analyze and diff the two binaries. Usually if someone puts out a critical security patch, the only code in the patch is related to the exploit, so the differences are going to be fairly small and obvious. Then look at the disassembly differences, figure out how the exploit works, and go test it on other pieces of software.