Jonathan Scott Profile picture
American Phone & Cloud Hacker Founder @haktree @spyware_wiki Human & Womens Rights - Free Speech Activist- Security Engineer @cLabs, my tweets not employers
8 Nov
Apple HomePod Mini Data Dump - Extended Logging #iphone #infosec #iOS #siri twitter.com/i/broadcasts/1…
Show all recent files that have changed in a specific directory.

find . -exec stat -f '%m%t%Sm %N' {} + | sort -n | cut -f2-

find . = search in the current directory that you are in.
change the . to any dir to see all changes in dir.
developer.apple.com/bug-reporting/…

You can get the latest mobileconfig files here
Read 4 tweets
7 Nov
Another issue I want to raise is the hate train...Let me get this clear, I have no issue with @thecybermentor Heath Adams, I'm a supporter of his content, but I don't support hate. Thankfully, the hate is directed towards me, but the "hate" stems from my human rights activism.
Along with being a phone hacker, I am a digital human rights defender. What Heath sees as me seeking attention is not the truth at all. I have supported even my biggest and hateful opposition in their time of need, I will always help anyone that is being wronged the best I can.
Read 8 tweets
17 Oct
Some of the most elite phone hackers in the world are in an industry many ppl have never heard called, reverse logistics. Similarly, top phone repair techs, can exploit hardware & software vuln., effortlessly. Recruited from around the world by Big Tech silenced by NDAs #infosec
Most phone exploits that float around #infosec and the media are 5-7 years behind what these hackers already have. They are holed up behind special access card rooms in Big Tech and Small Tech R&D facilities, separated from all other engineers.
Almost in all cases around the world I have seen and been, the hackers are on 24/7 video and audio recording surveillance. I was one of them.
Read 24 tweets
14 Oct
Jailbreaking should never be use to perform mobile forensic analysis if you plan on being an expert witness in a court case, the “artifacts,” or rather entirely new data sets comprise the integrity of the device. It is a #HumanRights violation to submit evidence in this manner
Tomorrow I will teach you how to extract data while leaving a minimal amount of artifacts that can all be traced and documented so you can stay ethical and present professional #mobileforensics analysis reports with supporting traces, without jailbreaking.
Here are some great white papers to read about ethically performing iOS forensic analysis as it pertains to court submitted evidence. researchgate.net/publication/33…
Read 5 tweets
13 Oct
The People Must Know....

I made my first million by abusing the trust of everyone in the world. I can never apologize enough for what I have done...I am sorry

In 2018, I was asked by Verizon Wireless employees working at XPO logistics to create an auto auth ADB solution....
Over a period of a few months, I flew to Dallas, Texas and met with high level Verizon Employees inside of XPO logistics...

I had many demo's of my Samsung Verizon ADB authorized solution that did not require any human interaction...no rooting...
I performed my exploit in-front of many Verizon employees, IT, security, directors, etc...They gave me a fresh Macbook pro, and phones they pulled themselves from XPO logistics production floor, they provided the cables as well. I wrote my exploit live in front of them...
Read 9 tweets
11 Oct
Ok let’s hold on Apple Live Tonight because idk WTF is going on with MacOS and iOS 15.0.2 right now but we will still be doing LG Live Zero-Day exploitation,all are welcome…raw code is out in my feed somewhere and I’m creating the Repo on GitHub now #CybersecurityAwarenessMonth
I will show you where the code elevates privileges and how
Anyone that has been watching my LG exploits, please help others if they have questions…let’s unite on this please…let’s not fight, I’ve worked on this for years and made many video demos…you finally get the full code…as promised …
Read 4 tweets
10 Oct
iOS 15.0.1 RCE PoC Version 1 of Many #infosec twitter.com/i/broadcasts/1…
I hope you all can see this is a real issue, thanks for all the support, and i will. be showing part 2 very soon!
I want to be clear on this first PoC, this is executed on a trusted host, this is why I had initially said and agreed that the barrier to entry is still a little high...so a threat actor needs to take the lockdown records of the trusted host or take over the trusted host step 1
Read 5 tweets
9 Oct
Since I need to remove some barriers for the iOS exploit..holding off until tomorrow

Thanks @sickcodes for helping today and your 100% honesty, and expertise...

Making this LG Zero-Day pretty will take time
Here's Raw Notes, github later

tinyurl.com/e262x5fc

#infosec
@sickcodes If you are reading the notes for this Zero-Day, when I say did not pass this means that you still enabled ADB but you did not gain authorized access, with this said...you will see an RSA prompt pop up instead of ADB Authorized in Stealth Mode...Still cool either way :)
@sickcodes Also, if you are performing this exploit with USB C...you can use a 56K resistance CABLE....OR purchase this adapter by @TechMatte it has a 56K resistor built in...you will see that the device arrives at 1004:6000 amazon.com/dp/B01838ILX8/… via @amazon
Read 4 tweets
29 Sep
Here is the full Thread for

The iOS 15 Data Experiment Part III

CONFIRMED: THE DATA LIVES ON!

#infosec #ios #iPhone #Apple #bugbountytips #infosecurity #Security
I know i was going to go deeper into the bluetooth connections, but if I don't hold on that I'll never finish! lol, my purpose is to prove that data still exists on your phone even though you have done a "full restore."

OTAUpdateLogs
restore_perform.txt shows the entire process
Not to deviate too much from the task, but I love how straight forward this is...

collecting logs at "/private/var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/sysdiagnose/temp.l1OzUV/brctl"
- sending SIGINFO to cloudd
Read 7 tweets
29 Sep
This is the thread for

The iOS 15 Experiment Part II

CONFIRMED HIDDEN BLUETOOTH DEVICE CONNECTIONS!

#infosec #ios #iPhone #Apple #bugbountytips #infosecurity #Security
As I am looking through the Diagnostics Dump I notice that my phone is already Bluetooth paired with my computer via a (cloudpaird daemon...???)

The image is a screenshot of the data

Yes i'm showing my BT Mac Address...i'm a scientist get over it.
I wanted to show you all I was not looking at the data wrong so I ran

ideviceinfo

then i did a search Bluetooth

The bluetooth mac address on my phone matched the output of ideviceinfo, so we do have a valid data set
Read 10 tweets
29 Sep
Just a guy running an experiment Part I

In the name of Science I did a full restore on my iPhone 11 Pro, 100% from scratch 256GB GONE!

Why my personal phone? Because it had real usage

I wanted to find out, if the data was really gone when restoring with iOS 15

#infosec
I have done on every major update since iOS 10...
I shared the internet connection from my Mac with my wired iPhone since I didn't want to connect to Wi-Fi during activation.

I made sure that content caching was off as well so that I wouldn't taint the experiment
Read 17 tweets
17 Sep
You know what... F' it

Not a vulnerability right....@Azure

"make.powerapps.com/environments/D…"

curl "afd.hosting.portal.azure.net/api/diagnostics" | jq

curl "insights1.exp.azure.com"

We still using .htaccess.NDB
"aad.portal.azure.com/signin/idpRedi…"

curl "afd.hosting.portal.azure.net/iam/?bundlingK…" | jq

Go crazy ya'll NBD

#infosec
@Azure feel free to find even more NBD endpoints here

github.com/jonathandata1/…
Read 12 tweets
17 Sep
Data leak exposed 38 million records, including COVID-19 vaccination statuses | Engadget engadget.com/microsoft-powe…
And then this BS!!! F U @Microsoft @Azure
@Microsoft @Azure So when i report it APRIL 8th, 2021 it's NBD!!!! OooookkkkkkkkkKKK WTF is Going on HERE!!!!

PAGE 8
github.com/jonathandata1/…

#bugbounty #infosec #scam #fraud #security #DataLeak @guardian @cnnbrk @washingtonpost @FBI @FBI
Read 4 tweets
1 Sep
Writing code in BASH can be super powerful!!!

Here is a 1 liner you can put in your terminal right now!!!

This 1 liner that asks the user to input a URL.

IFS= read -r -p "Enter The URL or File To Pull Down: " input; wget -m "https://www.${input}"

#bash #Linux #coders #UNITE
Post your custom 1 liner you made from this! Share it with everyone, tell us what it does!
Run an nmap scan on any IP address!

IFS= read -r -p "Enter An IP Address: " input; nmap -v -Pn "${input}"
Read 7 tweets
29 Aug
I saw a post by @s0md3v and he created a program in python to remove duplicate URLs, I do respect his efforts , but it made me realize people really don't know the power of linux.

Remove duplicates

cat somefile | uniq

Remove duplicates and sort

cat somefile.txt | sort -u
Again, I don’t ever want to discourage anyone from creating tools for people. I teach a different way, I tell you how to do things manually and from the source, then point you to my programs. @s0md3v is doing a great job and inspired these tweets
@s0md3v In case you all were wanting a tool that will parse through massive amounts of data and extract all URLS, sort them and make them unique I wrote a 1 liner that will do this

Read 5 tweets