Davy Douhine 2 min

This year, RandoriSec had the chance to deliver a mobile hacking workshop at BSides Dublin. The first two hours of the workshop were dedicated to Android and was delivered by Guillaume Lopes. Then, the second part was focused on iOS and was presented by Davy Douhine.

We would like to thank the BSides Dublin organizers and all people involved for the awesome event and also the speakers for the great talks. We hope to be able to go to Dublin in 2022!

BSides Dublin 2022 location

Android

The objective of the Android workshop was to resolve the OWASP Crackmes (Level 1, 2 and 3) using different tools and techniques:

  • Level 1
    • Code Tampering with apktool
    • Frida
    • Frida using the frida gadget library
  • Levels 2 and 3
    • Frida and Ghidra

The slides provides a step by step guide to resolve the crackmes.

iOS

The slides of the iOS workshop presents a (very) short introduction to learn the main basics to assess the security of iOS apps. It contains 8 short pratical exercices in each of the 4 main aspects of mobile app assessments:

1 .Static Analysis

  1. Data Security
  2. Execution Analysis
  3. Transport Security

It was the first time the full iOS workshop was delivered using Corellium only. So no physical iOS devices was needed!

Github

You can find the slides (total of nearly 200 slides) and all needed files to replay these workshops on your own in our Github repository:

Additionnaly, we should plan new remote training sessions soon so stay tuned!!

Happy Hacking!

Catégories

0day (15)

Bugbounty (2)

Conference (26)

Ctf (2)

General (6)

Gestion de crise (1)

Pentest (30)

Publications (15)

Responsible disclosure (17)

Spyware (1)

Swift (1)

Training (15)

Workshop (1)

Tags

Workshop
Mobile
Security
Online
OWASP
MSTG
Android
IOS
Corellium