Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
FRAUG - Point sécu Android 2020
Search
Michaël Ohayon
March 18, 2020
Technology
0
64
FRAUG - Point sécu Android 2020
Michaël Ohayon
March 18, 2020
Tweet
Share
More Decks by Michaël Ohayon
See All by Michaël Ohayon
Bringing your Flutter App to the Web
mikklfr
0
47
KED - Prompt Security
mikklfr
0
17
Sécuriser ses appels réseau Android, de 2009 à 2019
mikklfr
0
14
Android et qualité logicielle
mikklfr
0
13
Securing Network Calls on Android, from 2009 to 2019
mikklfr
0
100
Other Decks in Technology
See All in Technology
小規模に始めるデータメッシュとデータガバナンスの実践
kimujun
3
580
使えそうで使われないCloudHSM
maikamibayashi
0
170
「視座」の上げ方が成人発達理論にわかりやすくまとまってた / think_ perspective_hidden_dimensions
shuzon
2
130
Java x Spring Boot Warm up
kazu_kichi_67
2
490
Autify Company Deck
autifyhq
1
39k
visionOSでの空間表現実装とImmersive Video表示について / ai-immersive-visionos
cyberagentdevelopers
PRO
1
110
フルカイテン株式会社 採用資料
fullkaiten
0
36k
物価高なラスベガスでの過ごし方
zakky
0
370
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.6k
IaC運用を楽にするためにCDK Pipelinesを導入したけど、思い通りにいかなかった話
smt7174
1
110
プロダクトチームへのSystem Risk Records導入・運用事例の紹介/Introduction and Case Studies on Implementing and Operating System Risk Records for Product Teams
taddy_919
1
170
最速最小からはじめるデータプロダクト / Data Product MVP
amaotone
5
730
Featured
See All Featured
Statistics for Hackers
jakevdp
796
220k
Six Lessons from altMBA
skipperchong
26
3.5k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
How GitHub (no longer) Works
holman
311
140k
Adopting Sorbet at Scale
ufuk
73
9k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
370
Why Our Code Smells
bkeepers
PRO
334
57k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Embracing the Ebb and Flow
colly
84
4.4k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Transcript
Point sécu Android 2020 fenrir.pro
AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro
@lp1eu fenrir.pro
OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL
fenrir.pro
"Tu peux jeter un oeil à mon téléphone ?" fenrir.pro
fenrir.pro
fenrir.pro
Comment on en est arrivé la ? fenrir.pro
Nos méthodes d'analyse fenrir.pro
Setup Terminal Android fenrir.pro
Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur
Setup Analyse du trafic fenrir.pro
Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP
HTTP fenrir.pro
HTTPS fenrir.pro
Chiffrement Asymétrique fenrir.pro
Chiffrement Symétrique fenrir.pro
Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.
Key Exchange
Mais du coup comment il fait Charles (ou Burp/autres[...]) ?
fenrir.pro
Infrastructure à clé
L'exemple du "debug"
Abus de confiance
Abus de confiance
Démo fenrir.pro
Setup Analyse Statique fenrir.pro
apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro
Démo fenrir.pro
Un standard ? fenrir.pro
Ressources fenrir.pro
None
None
None
None
None
None
Et donc au final ? fenrir.pro
fenrir.pro Pubs in app
fenrir.pro Stores
Web fenrir.pro
Stores alternatifs fenrir.pro
Dans la presse fenrir.pro
fenrir.pro
fenrir.pro
None
Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro
Android.Xiny.5261 fenrir.pro
Du coup, on fait quoi ? fenrir.pro
fenrir.pro
Contre-mesures fenrir.pro
Question time ! fenrir.pro