Using Memory, Filesystems And Runtime To App Pen iOS And Android

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration).

The whitehat presenter will unlock some of the mysteries of the iDevice and Android-device memory intrinsics, filesystem/process sandboxes, and the OO runtime by walking through the techniques, including common obfuscations. The ethical attendee will learn how to take any popular, off-the-shelf mobile device (including ones that claim encrypted memory/flash) and transform it into a powerful tool that can be used to understand what risks can happen to the user/owner of that device.

Presenters:

• Andre Gironda
  Andre Gironda is an app pen-tester. He has been banging up iOS and Android apps for the Fortune 10 and their partners, along with Web Services and some webapps, using full-scope software security assessments for 2 years at HP after 4 years of freelance pen-testing and reverse engineering. He is a strong believer in the power of the individual to learn, unlearn, and re-learn code alongside debugging, hooking, and tracing techniques.

Links:

• https://deepsec.net/archive/2013.deepsec.net/speaker.html#PSLOT122

Similar Presentations:

• AppSec USA 2017 / Mobile App Attack (1 of 2 days)
• AppSec USA 2017 / Mobile App Attack (2 of 2 days)
• DeepSec 2020 „The Masquerade“ / Mobile Security Testing Guide Hands-On (closed)