Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon Michaël Ohayon
March 18, 2020
Technology
0
69

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon

Michaël Ohayon

March 18, 2020
Tweet

More Decks by Michaël Ohayon

See All by Michaël Ohayon
Bringing your Flutter App to the Web
Avatar for Michaël Ohayon mikklfr
0
66
KED - Prompt Security
Avatar for Michaël Ohayon mikklfr
0
22
Sécuriser ses appels réseau Android, de 2009 à 2019
Avatar for Michaël Ohayon mikklfr
0
19
Android et qualité logicielle
Avatar for Michaël Ohayon mikklfr
0
18
Securing Network Calls on Android, from 2009 to 2019
Avatar for Michaël Ohayon mikklfr
0
110

Other Decks in Technology

See All in Technology
AI-in-the-Enterprise|OpenAIが公開した「AI導入7つの教訓」——ChatGPTで変わる企業の未来とは?
Avatar for CUSTOMER CLOUD CORP. customercloud
PRO
0
160
Azure × MCP 入門
Avatar for Ryosuke Hyakuta ry0y4n
8
1.6k
大規模サーバーレスプロジェクトのリアルな零れ話
Avatar for mai miya maimyyym
3
200
Новые мапы в Go. Вова Марунин, Clatch, МТС
Avatar for Lamoda Tech lamodatech
0
2k
Part2 GitHub Copilotってなんだろう
Avatar for tomokusaba tomokusaba
2
730
Notion x ポストモーテムで広げる組織の学び / Notion x Postmortem
Avatar for Isao Shimizu isaoshimizu
1
160
2025-04-14 Data & Analytics 井戸端会議 Multi tenant log platform with Iceberg
Avatar for kamijin_fanta kamijin_fanta
1
190
Part1 GitHubってなんだろう?その2
Avatar for tomokusaba tomokusaba
2
700
TanStack Start 技術選定の裏側 / Findy-Lunch-LT-TanStack-Start
Avatar for Takahiro Ikeuchi iktakahiro
0
110
クラウドネイティブ環境の脅威モデリング
Avatar for Kyohei Mizumoto kyohmizu
1
400
ビジネスとデザインとエンジニアリングを繋ぐために 一人のエンジニアは何ができるか / What can a single engineer do to connect business, design, and engineering?
Avatar for 株式会社カミナシ kaminashi
2
890
ペアーズにおける評価ドリブンな AI Agent 開発のご紹介
Avatar for fukubaka0825 fukubaka0825
9
2.5k

Featured

See All Featured
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
14
1.4k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
13
840
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
344
40k
KATA
Avatar for Megan Lloyd mclloyd
29
14k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.3k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
52
7.6k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
177
9.7k
Building an army of robots
Avatar for Kyle Neath kneath
305
45k
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
46
14k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
6
540

Transcript

  1. Point sécu Android 2020 fenrir.pro

  2. AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro

    @lp1eu fenrir.pro

  3. OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL

    fenrir.pro

  4. "Tu peux jeter un oeil à mon téléphone ?" fenrir.pro

  5. fenrir.pro

  6. fenrir.pro

  7. Comment on en est arrivé la ? fenrir.pro

  8. Nos méthodes d'analyse fenrir.pro

  9. Setup Terminal Android fenrir.pro

  10. Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur

  11. Setup Analyse du trafic fenrir.pro

  12. Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP

  13. HTTP fenrir.pro

  14. HTTPS fenrir.pro

  15. Chiffrement Asymétrique fenrir.pro

  16. Chiffrement Symétrique fenrir.pro

  17. Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.

    Key Exchange

  18. Mais du coup comment il fait Charles (ou Burp/autres[...]) ?

    fenrir.pro

  19. Infrastructure à clé

  20. L'exemple du "debug"

  21. Abus de confiance

  22. Abus de confiance

  23. Démo fenrir.pro

  24. Setup Analyse Statique fenrir.pro

  25. apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro

  26. Démo fenrir.pro

  27. Un standard ? fenrir.pro

  28. Ressources fenrir.pro

  29. None
  30. None
  31. None
  32. None
  33. None
  34. None

  35. Et donc au final ? fenrir.pro

  36. fenrir.pro Pubs in app

  37. fenrir.pro Stores

  38. Web fenrir.pro

  39. Stores alternatifs fenrir.pro

  40. Dans la presse fenrir.pro

  41. fenrir.pro

  42. fenrir.pro

  43. None

  44. Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro

  45. Android.Xiny.5261 fenrir.pro

  46. Du coup, on fait quoi ? fenrir.pro

  47. fenrir.pro

  48. Contre-mesures fenrir.pro

  49. Question time ! fenrir.pro