Guillaume Lopes 2 min

Last year, at BSides Budapest, we delivered a workshop about Mobile Hacking on Android and iOS.

The idea, we had at this time, was to give a very short introduction of our 3 days training about Mobile Hacking. Note: This training was already delivered at Hack In Paris (2019), at DeepSec (2018 and 2019) and also online (2020). However, we noticed that 2 hours are too short to be able to introduce different concepts in Android and iOS mobile apps…

So, for this year’s edition of BSides Budapest, we decided to give 2 separate workshops. One focusing on Android and the other on iOS! Due to the Coronavirus situation, the BSides Budapest conference was postponed on 28th May 2020 and this edition went full online!

The content of the Android workshop was to resolve the OWASP Crackmes (Level 1, 2 and 3) using different techniques:

  • Code Tampering
  • Frida
  • Frida using lib-gadget

The content of the iOS workshop was a (very) short introduction to learn the basics in order to assess the security of iOS apps.

It contains 8 short pratical exercices in each of the 4 main aspects of mobile app assessments:

  • Static Analysis
  • Data Security
  • Execution Analysis
  • Transport Security

You can find the slides and all needed files to replay this workshop in our Github repository:

Additionnaly, we should plan a new live session of these workshops soon so stay tuned!!

Happy Hacking!