Pau Oliva, viaForensics Mobile Security Engineer and co-author of Android Hacker’s Handbook, participated in a Reddit AMA (Ask Me Anything) hosted by /r/netsec. The event took place Thursday, June 12th, 2014.
The large mobile attack surface can be seen as a hostile environment. This presentation will focus on hardening where the critical business data often resides-in the app. Come learn specific techniques attackers may use on every day app vulnerabilities, and how to best protect apps against those attacks.
Cycript is a javaskript interpreter which also understands Objective-C syntax. The goal will be to introduce it and show the attendees how they can hook into a running iOS app, read its internal workings and modify its behavior. Will explain how such runtime manipulation can be used to circumvent security, and ultimately help the developer secure the app from external attackers.
IT departments are locked out of mobile devices without rooting or jailbreaking them, a serious obstacle to securing these devices as they have known vulnerabilities. This talk will review the history of “root” access, epic failures in the fight against such access and a path forward that will accelerate innovation, improve security and privacy controls and make (mobile) life better for everyone.
Santoku Linux is a F/OSS distro dedicated to mobile forensics, security and malware analysis. This talk will introduce Santoku Linux and demonstrate how easily attendees can install and update the OS and quickly move into analysis of both iOS and Android devices, apps and malware. Specific analysis tools and their benefits will be addressed and one or more demonstrated.