Blog banner image

[PUBLICATION] Mobile Hacking CheatSheet

Davy Douhine 25 Aout 2021 Publications

Last year, after noticing that no serious cheatsheet about mobile security was around, we’ve published a first attempt to summarise a few interesting basics info regarding tools and commands needed to assess the security of Android and iOS mobile applications. It seemed well received by the security community and the bug bounty community, in particular despite a few typos. We’ve released a special version for the HITBCyberWeek a few months later, without the typos.

Blog banner image

[TRAINING] Mobile Hacking Online - June 2021

Davy Douhine 7 Avril 2021 Training

We are pleased to announce that we are going to give a new session of our Mobile Hacking training in an online form!. Save the date June 21, 22 and 23 2021. Here is the pitch of the training: Guillaume Lopes and Davy Douhine, senior pentesters, will share many techniques, tips and tricks to deliver to pentesters, bug bounty researchers, app makers or just curious a 100% hands-on 3 days mobile training.

Blog banner image

[WORKSHOP] BSides Dublin 2021 - Android/iOS Mobile Hacking Workshop

Davy Douhine 30 Mars 2021 Training

This year, RandoriSec had the chance to deliver a mobile hacking workshop at BSides Dublin. The first two hours of the workshop were dedicated to Android and was delivered by Guillaume Lopes. Then, the second part was focused on iOS and was presented by Davy Douhine. We would like to thank the BSides Dublin organizers and all people involved for the awesome event and also the speakers for the great talks.

Setting-up Mobexler with VMWare and Android Studio

Guillaume Lopes 16 Mars 2021 Pentest

Mobexler Mobexler is a customized virtual machine containing several preinstalled tools such as Android Studio, JADX, apktool and Frida. Its goal is to help pentesters or security researchers to perform security audits on Android and iOS applications with a ready-to-go environment. This virtual machine was designed and published by Enciphers Objectives The objective of this blogpost is to show you how to use Mobexler with VMWare and especially how to create an Android Virtual Device (AVD) with Android Studio.

Blog banner image

Formations Mobile Hacking 2020

Davy Douhine 8 Octobre 2020 Conference

Nous intervenons régulièrement lors des conférences internationales et donc en anglais mais nous ne délaissons pas non plus les passionnés français et francophones. ENSEIRB MATMECA Cette année nous sommes fiers d’annoncer que nous allons aider, à notre niveau, à former la nouvelle génération en formant les élèves ingénieurs de l’option “cybeR-sécurité, Systèmes et Réseaux” de l’ENSEIRB-MATMECA (École nationale supérieure d’électronique, informatique, télécommunications, mathématique et mécanique de Bordeaux), (labellisée SecNumEdu par l’ANSSI) aux bases de la sécurité des applications mobiles (Android et iOS).

Blog banner image

Trainings 2020 - Schedule update

Davy Douhine 7 Octobre 2020 Training

We’re glad to announce that our Mobile Hacking course and workshop will be delivered in a many different infosec conferences in the following weeks: virtually and in english for OWASP AppSec Israel and HITB CyberWeek, in real life but in french for another infosec conference and, also a French school but we’ll make another post for that. OWASP AppSec Israel 2020 - Workshop - October 27 We’ll deliver two virtual workshops: one will be focused on Android apps and the other one on iOS apps.

Blog banner image

[Publication] Contournement de l'API Google Play Billing

Guillaume Lopes 13 Juillet 2020 Pentest

L’article concernant le contournement de l’API Google Play Billing vient d’être mis à disposition par les éditions Diamond sous licence Creative Commons (BY-NC-ND). Vous pouvez retrouver également dans ce billet de blog la retranscription de l’article paru dans MISC106. Bonne lecture ! Contournement de l’API Google Play Billing D’après le blog [INVESP], le montant global des paiements dits « in-app » représentait environ 37 milliards de dollars (USD) en 2017 pour les applications mobiles (Android et Apple).

Blog banner image

[WORKSHOPS] BSides Budapest 2020 - Android and iOS workshops online

Guillaume Lopes 29 Mai 2020 Workshop

Last year, at BSides Budapest, we delivered a workshop about Mobile Hacking on Android and iOS. The idea, we had at this time, was to give a very short introduction of our 3 days training about Mobile Hacking. Note: This training was already delivered at Hack In Paris (2019), at DeepSec (2018 and 2019) and also online (2020). However, we noticed that 2 hours are too short to be able to introduce different concepts in Android and iOS mobile apps…

Blog banner image

[TRAINING] Mobile Hacking

Davy Douhine 27 Avril 2020 Training

Security conferences are an excellent way to access top-notch quality trainings but with all this actual mess they are cancelled or postponed. However, life keeps going and we still need to train in order to improve our skills. So, we are pleased to announce that we are going to offer our Mobile Hacking training in an online form! Of course, we prefer to have real interactions with the attendees because we think it’s the best way to give trainings but as nodoby actually knows when this will be possible again, we want to try our best to continue to train whoever wants to learn mobile security.

Blog banner image

Trainings 2020 and COVID-19

Guillaume Lopes 26 Mars 2020 Training

Hello everyone! We hope everything is going well with you regarding the current situation. As you already may notice, many infosec events were cancelled or postponed. In our case, we are not going to be able to deliver our Mobile Hacking course in the following events: BSides Budapest: The event was postponed to May, 28th. However, we are not available at this date and no Mobile Hacking workshop will be delivered.

Blog banner image

Trainings 2020 - Schedule

Guillaume Lopes 30 Janvier 2020 Training

First of all, we would like to wish you a happy new year 2020! Wishing you all the best. We have some exciting news regarding our training schedule for this year. Our Mobile Hacking course will be delivered in 3 different infosec conferences! If you want to have a preview of the covered subjects, we are going to tweet #mobile #hacking #tips in February. BSides Budapest - Workshop - March 26 Coming back to BSides Budapest in order to deliver not one but two workshops!

Blog banner image

[Training/Conference] DeepSec 2019

Guillaume Lopes 2 Décembre 2019 Training

Training During the DeepSec event, we gave our Mobile Hacking training (this training was also provided at Hack In Paris). This training presented the toolset needed when assessing mobile applications (such as adb, Apktool, Jadx, Androguard, Cycript, Frida, Needle and MobSF) and, also, the techniques to help you to work faster and in a more efficient way in the mobile ecosystem. This 2-days training focused on Android and iOS applications. The main topics of the training were:

Blog banner image

[PUBLICATION] Éprouver la sécurité des applications mobiles

Davy Douhine 30 Octobre 2019 Publications

Guillaume et moi-même avons écrit trois articles sur la sécurité des applications mobiles (tout le dossier en fait ;), qui ont été publiés dans le magazine MISC106 de novembre/décembre : Contournement de l’API Google Play Billing (for fun and profit ;) Auditer la sécurité d’une application iOS (avec et sans jailbreak) Présentation du Mobile Security Testing Guide de l’OWASP (devenu LA référence dans le domaine) Comme à notre habitude nous aurions aimé opter pour une licence CC dans le but de mettre les articles à disposition au plus grand nombre dès l’expiration des droits d’auteur, mais cela n’a été possible que pour un seul des trois articles.

Blog banner image

[Training/Conference] DeepSec 2019 - Mobile Hacking / Abusing Google Play Billing

Davy Douhine 27 Aout 2019 Training

RandoriSec is going back to DeepSec (Vienna, Austria) this year. Guillaume Lopes will give a talk about abusing the Google Play Billing API and he’ll give a training with Davy Douhine. The Mobile Hacking training, running the 27 and 28 November, is intended for penetration testers, bug bounty researchers or just curious who would like to improve their security testing skills applied to the mobile ecosystem. The objective of the course is to introduce the basic toolset (Adb, Apktool, Jadx, Cycript, Drozer, Frida, Hopper, Needle, etc.

Blog banner image

[Training/Conference] Hack In Paris 2019

Davy Douhine 9 Juillet 2019 Pentest

RandoriSec was at Hack In Paris 2019 and it was wonderful! This 9th edition took place at Maison de la Chimie in Paris (of course;)). The event was divided in two parts: June 16th to 18th: 3 days of trainings with 13 different subjects (IoT, ICS, Windows exploitation, Web and mobile hacking, etc.) June 19th to 20th: 2 days of talks with a unique track. If you follow this blog, you already know that RandoriSec gave a training about Mobile Hacking.

Catégories

Conference (32)

Gestion de crise (1)

Publications (15)

Responsible disclosure (17)

Tags

0day

2021st

Android

Android Studio

Antivirus

Appsecil

Asterisk

Biais Cognitifs

Bsides

Bsides Budapest

Bug Bounty

Bugbounty

Bull

Burp

Camera

Cert

Cert Eu

Challenge

Chamilo

Checkmarx

Client Side

Cloud

Clusif

Conference

Confusion

Corellium

Coriin

Cortex

Csp

Ctf

Cve 2022 34918

Cyber

Deepintel

Deepsec

Dep

Dftimewolf

Donation

Edr 810

Enseirb

Exchange

Exploit

Forensics

Formation

Forseti

Free Software

Gameboy

General

Gestion De Crise

Geutebruck

Giftstick

Google

Google Play Billing

Grehack

Hack in Paris

Hack It N

Hack.lu

Hackfest

Hacking

Happynewyear

Hexacon

Hip

Hirschmann

Hitb

Ibm

Ics

Inapp

Incident

Insomnihack

Ios

Keychain

Linux Kernel

Lisbon

Logicaldoc

Metasploit

Meterpreter

Microsoft Word

Minifilter

Misc

Mobexler

Mobile

Mobileapp

Mobilesecurity

Mona

Moxa

Mstg

Needle

Netfilter

Nx

Offensivecon

Online

Open Source

Opengl

Oss

Ostorlab

Owasp

Paiement

Pass the Salt

Patrowl

Pentest

Plaso

Privilege Escalation

Provider

Proxy

Publication

Publications

Pwn

Pwntools

Qemu

Report

Responsible Disclosure

Reverse

Rop

Router

Réseau

Scada

Secnumedu

Security

Service

Shindan

Sigsegv2

Slack

Spyware

Sstic

Sthack

Swift

The Hive

Thehive

Threat

Timesketch

Training

Triangulation

Turbinia

Uefi

Uybhys

Vmware

Warcon

Web Application

Webapp

Windows

Workshop

Writeup

Xml