Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon Michaël Ohayon
March 18, 2020
Technology
0
71

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon

Michaël Ohayon

March 18, 2020
Tweet

More Decks by Michaël Ohayon

See All by Michaël Ohayon
Bringing your Flutter App to the Web
Avatar for Michaël Ohayon mikklfr
0
75
KED - Prompt Security
Avatar for Michaël Ohayon mikklfr
0
23
Sécuriser ses appels réseau Android, de 2009 à 2019
Avatar for Michaël Ohayon mikklfr
0
21
Android et qualité logicielle
Avatar for Michaël Ohayon mikklfr
0
22
Securing Network Calls on Android, from 2009 to 2019
Avatar for Michaël Ohayon mikklfr
0
110

Other Decks in Technology

See All in Technology
webpack依存からの脱却!快適フロントエンド開発をViteで実現する #vuefes
Avatar for 弁護士ドットコム bengo4com
4
3.7k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
2
120
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
14
82k
Azure Well-Architected Framework入門
Avatar for tomokusaba tomokusaba
1
140
ラスベガスの歩き方 2025年版(re:Invent 事前勉強会)
Avatar for JunjiKoide junjikoide
0
550
[re:Inent2025事前勉強会(有志で開催)] re:Inventで見つけた人生をちょっと変えるコツ
Avatar for sh_fk2 sh_fk2
1
940
serverless team topology
Avatar for kensh _kensh
3
240
IBC 2025 動画技術関連レポート / IBC 2025 Report
Avatar for CyberAgent cyberagentdevelopers
PRO
2
220
re:Inventに行くまでにやっておきたいこと
Avatar for nagisa_53 nagisa53
0
710
東京大学「Agile-X」のFPGA AIデザインハッカソンを制したソニーのAI最適化
Avatar for ソニー株式会社 sony
0
150
.NET 10のBlazorの期待の新機能
Avatar for tkym htkym
0
150
Retrospectiveを振り返ろう
Avatar for なかしょ nakasho
0
130

Featured

See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
45
7.7k
KATA
Avatar for Megan Lloyd mclloyd
PRO
32
15k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
272
27k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
27
2.1k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
53k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
44
7.9k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
15k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
8.9k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7.2k

Transcript

  1. Point sécu Android 2020 fenrir.pro

  2. AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro

    @lp1eu fenrir.pro

  3. OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL

    fenrir.pro

  4. "Tu peux jeter un oeil à mon téléphone ?" fenrir.pro

  5. fenrir.pro

  6. fenrir.pro

  7. Comment on en est arrivé la ? fenrir.pro

  8. Nos méthodes d'analyse fenrir.pro

  9. Setup Terminal Android fenrir.pro

  10. Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur

  11. Setup Analyse du trafic fenrir.pro

  12. Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP

  13. HTTP fenrir.pro

  14. HTTPS fenrir.pro

  15. Chiffrement Asymétrique fenrir.pro

  16. Chiffrement Symétrique fenrir.pro

  17. Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.

    Key Exchange

  18. Mais du coup comment il fait Charles (ou Burp/autres[...]) ?

    fenrir.pro

  19. Infrastructure à clé

  20. L'exemple du "debug"

  21. Abus de confiance

  22. Abus de confiance

  23. Démo fenrir.pro

  24. Setup Analyse Statique fenrir.pro

  25. apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro

  26. Démo fenrir.pro

  27. Un standard ? fenrir.pro

  28. Ressources fenrir.pro

  29. None
  30. None
  31. None
  32. None
  33. None
  34. None

  35. Et donc au final ? fenrir.pro

  36. fenrir.pro Pubs in app

  37. fenrir.pro Stores

  38. Web fenrir.pro

  39. Stores alternatifs fenrir.pro

  40. Dans la presse fenrir.pro

  41. fenrir.pro

  42. fenrir.pro

  43. None

  44. Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro

  45. Android.Xiny.5261 fenrir.pro

  46. Du coup, on fait quoi ? fenrir.pro

  47. fenrir.pro

  48. Contre-mesures fenrir.pro

  49. Question time ! fenrir.pro