Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
FRAUG - Point sécu Android 2020
Search
Michaël Ohayon
March 18, 2020
Technology
0
69
FRAUG - Point sécu Android 2020
Michaël Ohayon
March 18, 2020
Tweet
Share
More Decks by Michaël Ohayon
See All by Michaël Ohayon
Bringing your Flutter App to the Web
mikklfr
0
67
KED - Prompt Security
mikklfr
0
22
Sécuriser ses appels réseau Android, de 2009 à 2019
mikklfr
0
20
Android et qualité logicielle
mikklfr
0
19
Securing Network Calls on Android, from 2009 to 2019
mikklfr
0
110
Other Decks in Technology
See All in Technology
改めてAWS WAFを振り返る~業務で使うためのポイント~
masakiokuda
1
150
WordPressから ヘッドレスCMSへ! Storyblokへの移行プロセス
nyata
0
350
Model Mondays S2E03: SLMs & Reasoning
nitya
0
240
20250625 Snowflake Summit 2025活用事例 レポート / Nowcast Snowflake Summit 2025 Case Study Report
kkuv
1
370
整頓のジレンマとの戦い〜Tidy First?で振り返る事業とキャリアの歩み〜/Fighting the tidiness dilemma〜Business and Career Milestones Reflected on in Tidy First?〜
bitkey
1
5.7k
Node-REDのFunctionノードでMCPサーバーの実装を試してみた / Node-RED × MCP 勉強会 vol.1
you
PRO
0
130
無意味な開発生産性の議論から抜け出すための予兆検知とお金とAI
i35_267
2
5.5k
強化されたAmazon Location Serviceによる新機能と開発者体験
dayjournal
4
280
React開発にStorybookとCopilotを導入して、爆速でUIを編集・確認する方法
yu_kod
1
110
自律的なスケーリング手法FASTにおけるVPoEとしてのアカウンタビリティ / dev-productivity-con-2025
yoshikiiida
1
5.9k
Fabric + Databricks 2025.6 の最新情報ピックアップ
ryomaru0825
1
160
より良いプロダクトの開発を目指して - 情報を中心としたプロダクト開発 #phpcon #phpcon2025
bengo4com
1
3.2k
Featured
See All Featured
GitHub's CSS Performance
jonrohan
1031
460k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
Bash Introduction
62gerente
614
210k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
60k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Done Done
chrislema
184
16k
4 Signs Your Business is Dying
shpigford
184
22k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
17
950
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.3k
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Mobile First: as difficult as doing things right
swwweet
223
9.7k
Producing Creativity
orderedlist
PRO
346
40k
Transcript
Point sécu Android 2020 fenrir.pro
AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro
@lp1eu fenrir.pro
OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL
fenrir.pro
"Tu peux jeter un oeil à mon téléphone ?" fenrir.pro
fenrir.pro
fenrir.pro
Comment on en est arrivé la ? fenrir.pro
Nos méthodes d'analyse fenrir.pro
Setup Terminal Android fenrir.pro
Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur
Setup Analyse du trafic fenrir.pro
Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP
HTTP fenrir.pro
HTTPS fenrir.pro
Chiffrement Asymétrique fenrir.pro
Chiffrement Symétrique fenrir.pro
Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.
Key Exchange
Mais du coup comment il fait Charles (ou Burp/autres[...]) ?
fenrir.pro
Infrastructure à clé
L'exemple du "debug"
Abus de confiance
Abus de confiance
Démo fenrir.pro
Setup Analyse Statique fenrir.pro
apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro
Démo fenrir.pro
Un standard ? fenrir.pro
Ressources fenrir.pro
None
None
None
None
None
None
Et donc au final ? fenrir.pro
fenrir.pro Pubs in app
fenrir.pro Stores
Web fenrir.pro
Stores alternatifs fenrir.pro
Dans la presse fenrir.pro
fenrir.pro
fenrir.pro
None
Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro
Android.Xiny.5261 fenrir.pro
Du coup, on fait quoi ? fenrir.pro
fenrir.pro
Contre-mesures fenrir.pro
Question time ! fenrir.pro