Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon Michaël Ohayon
March 18, 2020
Technology
0
70

FRAUG - Point sécu Android 2020

Avatar for Michaël Ohayon

Michaël Ohayon

March 18, 2020
Tweet

More Decks by Michaël Ohayon

See All by Michaël Ohayon
Bringing your Flutter App to the Web
Avatar for Michaël Ohayon mikklfr
0
72
KED - Prompt Security
Avatar for Michaël Ohayon mikklfr
0
22
Sécuriser ses appels réseau Android, de 2009 à 2019
Avatar for Michaël Ohayon mikklfr
0
20
Android et qualité logicielle
Avatar for Michaël Ohayon mikklfr
0
21
Securing Network Calls on Android, from 2009 to 2019
Avatar for Michaël Ohayon mikklfr
0
110

Other Decks in Technology

See All in Technology
AWSで推進するデータマネジメント
Avatar for かわなご kawanago
0
310
Figma + Storybook + PlaywrightのMCPを使ったフロントエンド開発
Avatar for Yuji Yamaguchi yug1224
10
3.4k
自社製CMSからmicroCMSへのリプレースがプロダクトグロースを加速させた話
Avatar for nextbeat-engineer nextbeatdev
0
360
LLM翻訳ツールの開発と海外のお客様対応等への社内導入事例
Avatar for gree_tech gree_tech
PRO
0
330
トヨタ生産方式(TPS)入門
Avatar for Recruit recruitengineers
PRO
5
1.3k
「魔法少女まどか☆マギカ Magia Exedra」での負荷試験の実践と学び
Avatar for gree_tech gree_tech
PRO
0
330
ここ一年のCCoEとしてのAWSコスト最適化を振り返る / CCoE AWS Cost Optimization devio2025
Avatar for MasahiroKawahara masahirokawahara
1
770
AWS環境のリソース調査を Claude Code で効率化 / aws investigate with cc devio2025
Avatar for MasahiroKawahara masahirokawahara
2
640
「魔法少女まどか☆マギカ Magia Exedra」のグローバル展開を支える、開発チームと翻訳チームの「意識しない協創」を実現するローカライズシステム
Avatar for gree_tech gree_tech
PRO
0
320
新規案件の立ち上げ専門チームから見たAI駆動開発の始め方
Avatar for ShuyaKinjo shuyakinjo
0
590
Preferred Networks (PFN) とLLM Post-Training チームの紹介 / 第4回 関東Kaggler会 スポンサーセッション
Avatar for Preferred Networks pfn
PRO
1
290
実践アプリケーション設計 ③ドメイン駆動設計
Avatar for Recruit recruitengineers
PRO
13
3.7k

Featured

See All Featured
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
160
23k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
64
7.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
284
13k
Navigating Team Friction
Avatar for Lara Hogan lara
189
15k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
23
1.4k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7.1k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
525
40k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.6k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k

Transcript

  1. Point sécu Android 2020 fenrir.pro

  2. AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro

    @lp1eu fenrir.pro

  3. OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL

    fenrir.pro

  4. "Tu peux jeter un oeil à mon téléphone ?" fenrir.pro

  5. fenrir.pro

  6. fenrir.pro

  7. Comment on en est arrivé la ? fenrir.pro

  8. Nos méthodes d'analyse fenrir.pro

  9. Setup Terminal Android fenrir.pro

  10. Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur

  11. Setup Analyse du trafic fenrir.pro

  12. Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP

  13. HTTP fenrir.pro

  14. HTTPS fenrir.pro

  15. Chiffrement Asymétrique fenrir.pro

  16. Chiffrement Symétrique fenrir.pro

  17. Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.

    Key Exchange

  18. Mais du coup comment il fait Charles (ou Burp/autres[...]) ?

    fenrir.pro

  19. Infrastructure à clé

  20. L'exemple du "debug"

  21. Abus de confiance

  22. Abus de confiance

  23. Démo fenrir.pro

  24. Setup Analyse Statique fenrir.pro

  25. apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro

  26. Démo fenrir.pro

  27. Un standard ? fenrir.pro

  28. Ressources fenrir.pro

  29. None
  30. None
  31. None
  32. None
  33. None
  34. None

  35. Et donc au final ? fenrir.pro

  36. fenrir.pro Pubs in app

  37. fenrir.pro Stores

  38. Web fenrir.pro

  39. Stores alternatifs fenrir.pro

  40. Dans la presse fenrir.pro

  41. fenrir.pro

  42. fenrir.pro

  43. None

  44. Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro

  45. Android.Xiny.5261 fenrir.pro

  46. Du coup, on fait quoi ? fenrir.pro

  47. fenrir.pro

  48. Contre-mesures fenrir.pro

  49. Question time ! fenrir.pro