security

[WORKSHOPS] BSides Budapest 2020 - Android and iOS workshops online

Last year, at BSides Budapest, we delivered a workshop about Mobile Hacking on Android and iOS. The idea we had at the time was to give a very short introduction to our 3-day training about Mobile Hacking. Note: This training was already delivered at Hack In Paris (2019), at DeepSec (2018 and 2019) and also online (2020). However, we noticed that 2 hours are too short to be able to introduce different concepts in Android and iOS mobile apps…

[TRAINING] Mobile Hacking

Security conferences are an excellent way to access top-notch quality trainings, but with all this current mess they are cancelled or postponed. However, life keeps going and we still need to train in order to improve our skills. So, we are pleased to announce that we are going to offer our Mobile Hacking training in an online form! Of course, we prefer to have real interactions with the attendees because we think it’s the best way to give trainings, but as nobody currently knows when this will be possible again, we want to try our best to continue to train whoever wants to learn mobile security.

[SWIFT] Customer Security Programme

Since 2017 and as a result of the Bangladesh Bank cyber heist, SWIFT established a Customer Security Programme which describes a set of mandatory and advisory security controls for participants. All customers need to re-attest and confirm full compliance with the mandatory security controls. As stated by SWIFT’s CEO in May 2016: “The Bangladesh Bank hack was a watershed event for the banking industry. There will be a before and an after Bangladesh.”

[PUBLICATION] Testing the security of mobile applications

Guillaume and I wrote three articles on mobile application security (the whole feature, in fact ;), which were published in the November/December issue of the magazine, MISC106: Bypassing the Google Play Billing API (for fun and profit ;); Auditing the security of an iOS application (with and without jailbreak); An introduction to the OWASP Mobile Security Testing Guide (which has become THE reference in the field). As usual, we would have liked to opt for a CC license in order to make the articles available to as many people as possible as soon as the copyright expires, but this was only possible for one of the three articles.
