NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY!

NowSecure Connect — THE mobile AppSec + AppDev community online event — returns with new content and the latest training. Join the world’s brightest innovators, practitioners, community leaders, and industry influencers LIVE online for in-depth training, discussions, strategy sessions, CTF and more. Gain access to keynotes, exclusive breakouts, expert panels, on-demand sessions, plus an interactive peer-to-peer community. #NSConnect22 is your source for cutting-edge mobile AppDev, mobile AppSec and mobile DevSecOps insight. Register your crew today!

NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY! NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY! Show More
magnifying glass icon

Pau Oliva Fora

Former Mobile Security Engineer at NowSecure

Pau is a mobile security engineer, co-author of the “Android Hacker's Handbook,” and speaker at a variety of security conferences including DEF CON, RSA, RootedCon, NoConName, and OWASP.

Defeating SEAndroid – DEFCON 21 Presentation

viaForensics Sr. Mobile Security Engineer Pau Oliva (@pof) took the stage at DEFCON 21 this year to present “Defeating Security Enhancements (SE) for Android.” NOTE: We have posted videos and links to the PoC code for two of Pau’s demos in a separate blog. From his abstract:

Security Enhancements for Android (SEAndroid) enables the use of SELinux in Android in order to limit the damage that can be done by malicious apps, trying to make exploitation harder. Some OEMs are trying hard to implement extra mitigations in their devices, especially those aiming to reach the enterprise market. We will present some issues that are found in devices currently implementing SEAndroid, and demonstrate how vendors FAIL in properly implementing SEAndroid protection.