Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FRAUG - Point sécu Android 2020

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Michaël Ohayon Michaël Ohayon
March 18, 2020
Technology
0
73

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon

Michaël Ohayon

March 18, 2020
Tweet

More Decks by Michaël Ohayon

See All by Michaël Ohayon
Bringing your Flutter App to the Web
Avatar for Michaël Ohayon mikklfr
0
86
KED - Prompt Security
Avatar for Michaël Ohayon mikklfr
0
29
Sécuriser ses appels réseau Android, de 2009 à 2019
Avatar for Michaël Ohayon mikklfr
0
23
Android et qualité logicielle
Avatar for Michaël Ohayon mikklfr
0
27
Securing Network Calls on Android, from 2009 to 2019
Avatar for Michaël Ohayon mikklfr
0
120

Other Decks in Technology

See All in Technology
ADK + Gemini Enterprise で 外部 API 連携エージェント作るなら OAuth の仕組みを理解しておこう
Avatar for Kaz kaz1437
0
210
タスク管理も1on1も、もう「管理」じゃない - KiroとBedrock AgentCoreで変わった“判断の仕事”
Avatar for Yusuke Shimizu yusukeshimizu
0
110
Zephyr(RTOS)でOpenPLCを実装してみた
Avatar for misoji engineer iotengineer22
0
120
JEDAI認定プログラム JEDAI Order 2026 受賞者一覧 / JEDAI Order 2026 Winners
Avatar for Databricks Japan databricksjapan
0
370
「AIエージェントで変わる開発プロセス―レビューボトルネックからの脱却」
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
150
BFCacheを活用して無限スクロールのUX を改善した話
Avatar for Ryuya Yanagi apple_yagi
0
130
RGBに陥らないために -プロダクトの価値を届けるまで-
Avatar for RightTouch righttouch
PRO
0
120
20260323_データ分析基盤でGeminiを使う話
Avatar for yuichi 1210yuichi0
0
190
Amazon Qはアマコネで頑張っています〜 Amazon Q in Connectについて〜
Avatar for Yuuki Yamashita yama3133
1
140
SaaSに宿る21g
Avatar for Yamakan kanyamaguc
2
170
昔話で振り返るAWSの歩み ~S3誕生から20年、クラウドはどう進化したのか~
Avatar for NRI Netcom nrinetcom
PRO
0
100
Phase04_ターミナル基礎
Avatar for overflow ,Inc overflowinc
0
2.5k

Featured

See All Featured
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
2.6k
Between Models and Reality
Avatar for mayunak mayunak
2
240
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
89
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
240
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
1.8k
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.4k
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
33k
Paper Plane (Part 1)
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
6k
SEO Brein meetup: CTRL+C is not how to scale international SEO
Avatar for Linda Hogenes lindahogenes
1
2.5k
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
270

Transcript

  1. Point sécu Android 2020 fenrir.pro

  2. AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro

    @lp1eu fenrir.pro

  3. OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL

    fenrir.pro

  4. "Tu peux jeter un oeil à mon téléphone ?" fenrir.pro

  5. fenrir.pro

  6. fenrir.pro

  7. Comment on en est arrivé la ? fenrir.pro

  8. Nos méthodes d'analyse fenrir.pro

  9. Setup Terminal Android fenrir.pro

  10. Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur

  11. Setup Analyse du trafic fenrir.pro

  12. Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP

  13. HTTP fenrir.pro

  14. HTTPS fenrir.pro

  15. Chiffrement Asymétrique fenrir.pro

  16. Chiffrement Symétrique fenrir.pro

  17. Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.

    Key Exchange

  18. Mais du coup comment il fait Charles (ou Burp/autres[...]) ?

    fenrir.pro

  19. Infrastructure à clé

  20. L'exemple du "debug"

  21. Abus de confiance

  22. Abus de confiance

  23. Démo fenrir.pro

  24. Setup Analyse Statique fenrir.pro

  25. apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro

  26. Démo fenrir.pro

  27. Un standard ? fenrir.pro

  28. Ressources fenrir.pro

  29. None
  30. None
  31. None
  32. None
  33. None
  34. None

  35. Et donc au final ? fenrir.pro

  36. fenrir.pro Pubs in app

  37. fenrir.pro Stores

  38. Web fenrir.pro

  39. Stores alternatifs fenrir.pro

  40. Dans la presse fenrir.pro

  41. fenrir.pro

  42. fenrir.pro

  43. None

  44. Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro

  45. Android.Xiny.5261 fenrir.pro

  46. Du coup, on fait quoi ? fenrir.pro

  47. fenrir.pro

  48. Contre-mesures fenrir.pro

  49. Question time ! fenrir.pro