Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
FRAUG - Point sécu Android 2020
Search
Michaël Ohayon
March 18, 2020
Technology
0
69
FRAUG - Point sécu Android 2020
Michaël Ohayon
March 18, 2020
Tweet
Share
More Decks by Michaël Ohayon
See All by Michaël Ohayon
Bringing your Flutter App to the Web
mikklfr
0
69
KED - Prompt Security
mikklfr
0
22
Sécuriser ses appels réseau Android, de 2009 à 2019
mikklfr
0
20
Android et qualité logicielle
mikklfr
0
21
Securing Network Calls on Android, from 2009 to 2019
mikklfr
0
110
Other Decks in Technology
See All in Technology
AWS CDK 入門ガイド これだけは知っておきたいヒント集
anank
5
750
伴走から自律へ: 形式知へと導くSREイネーブリングによる プロダクトチームの信頼性オーナーシップ向上 / SRE NEXT 2025
visional_engineering_and_design
3
460
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
flyaahelpguide
0
240
Talk to Someone At Delta Airlines™️ USA Contact Numbers
travelcarecenter
0
160
60以上のプロダクトを持つ組織における開発者体験向上への取り組み - チームAPIとBackstageで構築する組織の可視化基盤 - / sre next 2025 Efforts to Improve Developer Experience in an Organization with Over 60 Products
vtryo
3
1.9k
AWS 怖い話 WAF編 @fillz_noh #AWSStartup #AWSStartup_Kansai
fillznoh
0
130
Delegating the chores of authenticating users to Keycloak
ahus1
0
190
cdk initで生成されるあのファイル達は何なのか/cdk-init-generated-files
tomoki10
1
670
PHPからはじめるコンピュータアーキテクチャ / From Scripts to Silicon: A Journey Through the Layers of Computing
tomzoh
2
120
SREの次のキャリアの道しるべ 〜SREがマネジメントレイヤーに挑戦して、 気づいたこととTips〜
coconala_engineer
1
4.3k
振り返りTransit Gateway ~VPCをいい感じでつなげるために~
masakiokuda
3
210
アクセスピークを制するオートスケール再設計: 障害を乗り越えKEDAで実現したリソース管理の最適化
myamashii
1
660
Featured
See All Featured
Mobile First: as difficult as doing things right
swwweet
223
9.7k
Visualization
eitanlees
146
16k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
Why Our Code Smells
bkeepers
PRO
337
57k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.6k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
340
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
2.9k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
It's Worth the Effort
3n
185
28k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
RailsConf 2023
tenderlove
30
1.1k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.7k
Transcript
Point sécu Android 2020 fenrir.pro
AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro
@lp1eu fenrir.pro
OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL
fenrir.pro
"Tu peux jeter un oeil à mon téléphone ?" fenrir.pro
fenrir.pro
fenrir.pro
Comment on en est arrivé la ? fenrir.pro
Nos méthodes d'analyse fenrir.pro
Setup Terminal Android fenrir.pro
Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur
Setup Analyse du trafic fenrir.pro
Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP
HTTP fenrir.pro
HTTPS fenrir.pro
Chiffrement Asymétrique fenrir.pro
Chiffrement Symétrique fenrir.pro
Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.
Key Exchange
Mais du coup comment il fait Charles (ou Burp/autres[...]) ?
fenrir.pro
Infrastructure à clé
L'exemple du "debug"
Abus de confiance
Abus de confiance
Démo fenrir.pro
Setup Analyse Statique fenrir.pro
apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro
Démo fenrir.pro
Un standard ? fenrir.pro
Ressources fenrir.pro
None
None
None
None
None
None
Et donc au final ? fenrir.pro
fenrir.pro Pubs in app
fenrir.pro Stores
Web fenrir.pro
Stores alternatifs fenrir.pro
Dans la presse fenrir.pro
fenrir.pro
fenrir.pro
None
Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro
Android.Xiny.5261 fenrir.pro
Du coup, on fait quoi ? fenrir.pro
fenrir.pro
Contre-mesures fenrir.pro
Question time ! fenrir.pro