Reverse Engineering Mobile Apps

Presented at BSidesSF 2019, March 2, 2019, 9 a.m. (165 minutes)

TO REGISTER FOR THIS WORKSHOP, GO [HERE](https://bsidessf.regfox.com/2019). NOTE THAT SPACE IS VERY LIMITED. Learn how to extract, unpack, analyze, and modify Android apps (and some iOS apps) in a fun, CTF-style hands-on workshop. Topics include password exposure in network traffic, logs, and local storage; certificate verification flaws; keylogging; MDM systems; and cryptography errors. We will use real commercial apps as targets, including apps from Schwab, Citi, Harvard, IBM, TD Ameritrade, and Stitcher. All vulnerabilities were responsibly disclosed years ago (and mostly ignored). No coding experience is required.

Presenters:

• Sam Bowne - City College San Francisco
  Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on training at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges.

Links:

• https://bsidessf2019.sched.com/event/K4WG/reverse-engineering-mobile-apps

Similar Presentations:

• VB2018 / Little Brother is watching - we know all your secrets!
• DEF CON 11 (2003) / Hacking Web Apps
• DerbyCon 3.0 All in the Family (2013) / iOS.reverse #=> iPwn Apps