Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon Michaël Ohayon
March 18, 2020
Technology
0
71

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon

Michaël Ohayon

March 18, 2020
Tweet

More Decks by Michaël Ohayon

See All by Michaël Ohayon
Bringing your Flutter App to the Web
Avatar for Michaël Ohayon mikklfr
0
75
KED - Prompt Security
Avatar for Michaël Ohayon mikklfr
0
23
Sécuriser ses appels réseau Android, de 2009 à 2019
Avatar for Michaël Ohayon mikklfr
0
21
Android et qualité logicielle
Avatar for Michaël Ohayon mikklfr
0
21
Securing Network Calls on Android, from 2009 to 2019
Avatar for Michaël Ohayon mikklfr
0
110

Other Decks in Technology

See All in Technology
"複雑なデータ処理 × 静的サイト" を両立させる、楽をするRails運用 / A low-effort Rails workflow that combines “Complex Data Processing × Static Sites”
Avatar for hogelog hogelog
3
1.7k
ユニットテストに対する考え方の変遷 / Everyone should watch his live coding
Avatar for mdstoy mdstoy
0
110
定期的な価値提供だけじゃない、スクラムが導くチームの共創化 / 20251004 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
3
220
いまさら聞けない ABテスト入門
Avatar for 木村彩恵(skmr2348) skmr2348
1
180
空間を設計する力を考える / 20251004 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
3
250
Pythonによる契約プログラミング入門 / PyCon JP 2025
Avatar for 7pairs 7pairs
5
2.4k
バイブコーディングと継続的デプロイメント
Avatar for nwiizo nwiizo
2
380
「技術負債にならない・間違えない」 権限管理の設計と実装
Avatar for naro143 naro143
35
10k
Green Tea Garbage Collector の今
Avatar for zchee zchee
PRO
2
380
ACA でMAGI システムを社内で展開しようとした話
Avatar for Yuji Masaoka | まっぴぃ mappie_kochi
0
160
神回のメカニズムと再現方法/Mechanisms and Playbook for Kamikai scrumat2025
Avatar for moriyuya moriyuya
4
300
Geospatialの世界最前線を探る [2025年版]
Avatar for Yasunori Kirimoto dayjournal
3
470

Featured

See All Featured
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
139
7.1k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
4k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
45
2.5k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
84
9.2k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
23
1.5k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
514
110k
Designing for Performance
Avatar for Lara Hogan lara
610
69k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
54
3k
Done Done
Avatar for chrislema chrislema
185
16k

Transcript

  1. Point sécu Android 2020 fenrir.pro

  2. AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro

    @lp1eu fenrir.pro

  3. OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL

    fenrir.pro

  4. "Tu peux jeter un oeil à mon téléphone ?" fenrir.pro

  5. fenrir.pro

  6. fenrir.pro

  7. Comment on en est arrivé la ? fenrir.pro

  8. Nos méthodes d'analyse fenrir.pro

  9. Setup Terminal Android fenrir.pro

  10. Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur

  11. Setup Analyse du trafic fenrir.pro

  12. Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP

  13. HTTP fenrir.pro

  14. HTTPS fenrir.pro

  15. Chiffrement Asymétrique fenrir.pro

  16. Chiffrement Symétrique fenrir.pro

  17. Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.

    Key Exchange

  18. Mais du coup comment il fait Charles (ou Burp/autres[...]) ?

    fenrir.pro

  19. Infrastructure à clé

  20. L'exemple du "debug"

  21. Abus de confiance

  22. Abus de confiance

  23. Démo fenrir.pro

  24. Setup Analyse Statique fenrir.pro

  25. apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro

  26. Démo fenrir.pro

  27. Un standard ? fenrir.pro

  28. Ressources fenrir.pro

  29. None
  30. None
  31. None
  32. None
  33. None
  34. None

  35. Et donc au final ? fenrir.pro

  36. fenrir.pro Pubs in app

  37. fenrir.pro Stores

  38. Web fenrir.pro

  39. Stores alternatifs fenrir.pro

  40. Dans la presse fenrir.pro

  41. fenrir.pro

  42. fenrir.pro

  43. None

  44. Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro

  45. Android.Xiny.5261 fenrir.pro

  46. Du coup, on fait quoi ? fenrir.pro

  47. fenrir.pro

  48. Contre-mesures fenrir.pro

  49. Question time ! fenrir.pro