Mobile Hacking

Presented at DeepSec 2019 „Internet of Facts and Fears“

Guillaume Lopes and Davy Douhine, senior pentesters, will share many techniques, tips and tricks with pentesters, bug bounty researchers or just the curious in a 100% "hands-on" training. Their goal is to introduce **tools** (Adb, Apktool, Jadx, Androguard, Cycript, Drozer, Frida, Hopper, Needle, MobSF, etc.) and **techniques** to help you work faster and more efficiently in the mobile ecosystem. This is exactly the training that you would have liked to have before wasting your precious time trying and failing while testing.

# Agenda

2 days based mainly on practical exercises:

- Day 1: Android Hacking
- Day 2: iOS Hacking

Main topics of the training are based on the fresh OWASP MSTG (Mobile Security Testing Guide):

- Review the codebase of a mobile app (aka static analysis)
- Run the app on a rooted device (to check data security issues)
- Inspect the app via instrumentation and manipulate the runtime (aka runtime analysis)
- MiTM all the network communications (aka inspect the traffic)

# Materials

A VM will be provided to the attendees with the pre-installed tools to cover most of the labs.

Presenters:

  • Davy Douhine - RandoriSec
    Davy Douhine ([@ddouhine](https://twitter.com/ddouhine)), founder of [RandoriSec](https://randorisec.fr/), an infosec company, has been working in the information security field for almost fifteen years. He mainly works for financial, banking and defense key accounts, doing pentests and holding trainings to help them improve their security. He enjoys climbing rocks in Fontainebleau or in the Bourgogne vineyards and practices Brazilian jiu-jitsu.
  • Guillaume Lopes - RandoriSec
    Guillaume Lopes ([@Guillaume\_Lopes](https://twitter.com/@Guillaume_Lopes)) is a pentester with 10 years of experience in different fields (Active Directory, Windows, Linux, Web applications, Wi-Fi, Android). Currently working as a Senior Penetration Tester at RandoriSec, he is also a member of the Checkmarx Application Security Research Team. He likes to play CTFs (Hackthebox, Insomni'hack, Nuit du Hack, BSides Lisbon, etc.) and gives a hand to the Tipi'hack team.
