Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon Michaël Ohayon
March 18, 2020
Technology
0
72

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon

Michaël Ohayon

March 18, 2020
Tweet

More Decks by Michaël Ohayon

See All by Michaël Ohayon
Bringing your Flutter App to the Web
Avatar for Michaël Ohayon mikklfr
0
81
KED - Prompt Security
Avatar for Michaël Ohayon mikklfr
0
26
Sécuriser ses appels réseau Android, de 2009 à 2019
Avatar for Michaël Ohayon mikklfr
0
22
Android et qualité logicielle
Avatar for Michaël Ohayon mikklfr
0
25
Securing Network Calls on Android, from 2009 to 2019
Avatar for Michaël Ohayon mikklfr
0
110

Other Decks in Technology

See All in Technology
AI時代の開発フローとともに気を付けたいこと
Avatar for KAMEGAWA Kazushi kkamegawa
0
950
その設計、 本当に価値を生んでますか?
Avatar for akshimo shimomura
3
200
日本Rubyの会の構造と実行とあと何か / hokurikurk01
Avatar for Masayoshi Takahashi takahashim
4
780
Claude Code Getting Started Guide(en)
Avatar for Oikon oikon48
0
160
Playwrightのソースコードに見る、自動テストを自動で書く技術
Avatar for Yusuke Iwaki yusukeiwaki
12
4.2k
知っていると得する!Movable Type 9 の新機能を徹底解説
Avatar for hayase masakah
0
230
翻訳・対話・越境で強いチームワークを作ろう! / Building Strong Teamwork through Interpretation, Dialogue, and Border-Crossing
Avatar for ar_tama ar_tama
4
1.7k
Docker, Infraestructuras seguras y Hardening
Avatar for José Juan Sánchez Hernández josejuansanchez
0
150
pmconf2025 - 他社事例を"自社仕様化"する技術_iRAFT法
Avatar for yamachi|@yamapiya_ daichi_yamashita
0
670
How native lazy objects will change Doctrine and Symfony forever
Avatar for Benjamin Eberlei beberlei
1
390
AIと二人三脚で育てた、個人開発アプリグロース術
Avatar for ZOZO Developers zozotech
PRO
0
370
[JAWS-UG 横浜支部 #91]DevOps Agent vs CloudWatch Investigations -比較と実践-
Avatar for sh_fk2 sh_fk2
1
170

Featured

See All Featured
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
16
1.8k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
269
13k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
51k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
38
3k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.3k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
990
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
31
2.7k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
30
5.7k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
10k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
470k
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
8
1.3k

Transcript

  1. Point sécu Android 2020 fenrir.pro

  2. AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro

    @lp1eu fenrir.pro

  3. OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL

    fenrir.pro

  4. "Tu peux jeter un oeil à mon téléphone ?" fenrir.pro

  5. fenrir.pro

  6. fenrir.pro

  7. Comment on en est arrivé la ? fenrir.pro

  8. Nos méthodes d'analyse fenrir.pro

  9. Setup Terminal Android fenrir.pro

  10. Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur

  11. Setup Analyse du trafic fenrir.pro

  12. Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP

  13. HTTP fenrir.pro

  14. HTTPS fenrir.pro

  15. Chiffrement Asymétrique fenrir.pro

  16. Chiffrement Symétrique fenrir.pro

  17. Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.

    Key Exchange

  18. Mais du coup comment il fait Charles (ou Burp/autres[...]) ?

    fenrir.pro

  19. Infrastructure à clé

  20. L'exemple du "debug"

  21. Abus de confiance

  22. Abus de confiance

  23. Démo fenrir.pro

  24. Setup Analyse Statique fenrir.pro

  25. apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro

  26. Démo fenrir.pro

  27. Un standard ? fenrir.pro

  28. Ressources fenrir.pro

  29. None
  30. None
  31. None
  32. None
  33. None
  34. None

  35. Et donc au final ? fenrir.pro

  36. fenrir.pro Pubs in app

  37. fenrir.pro Stores

  38. Web fenrir.pro

  39. Stores alternatifs fenrir.pro

  40. Dans la presse fenrir.pro

  41. fenrir.pro

  42. fenrir.pro

  43. None

  44. Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro

  45. Android.Xiny.5261 fenrir.pro

  46. Du coup, on fait quoi ? fenrir.pro

  47. fenrir.pro

  48. Contre-mesures fenrir.pro

  49. Question time ! fenrir.pro