[Owasp-bayarea] Fwd: 15th feb, Hacker Thursday on Mobile App security.

Prashant Kv kvprashant at owasp.org
Thu Feb 8 23:47:43 UTC 2018


Resending as mails with google form links are blocked.

I am happy to announce February month's Hacker Thrusday. Datatheorem is one
of the leading names in Mobile application security space and  We are happy
to have two hands on talks from Datatheorem for this month. It will be even
more fun as the session will be at HackerOne's HQ. As always please fill in
the form below to confirm your attendance.

*meetup page:-* https://www.meetup.com/Bay-Area-OWASP/events/247592106/

*Date:-*  February 15th, 6 pm to 8 pm.
*Venue:- *HackerOne HQ 300 Montgomery St., 12th Floor San Francisco, CA
94104

*Session 1:* Leveraging objc_msgSend for Dynamic Analysis of Objective-C
Apps

*Description:* iOS binary obfuscation is becoming increasingly common
mistake by enterprises in order to prevent reverse engineering of mobile
apps. This session will explore the dynamic dispatching attributes of the
Objective-C language and how the underlying message routing components of
the runtime can be utilized for dynamic analysis of an application’s
execution flow. Using these techniques, a researcher can examine an
obfuscated application.

*BIO:* Ethan Arbuckle is a Security Engineer at Data Theorem, Inc., an
mobile application security company. At Data Theorem, Ethan’s primary focus
is on the development and progression of iOS scanning technologies. Before
joining Data Theorem, Ethan was a large contributor to the iOS Jailbreak
community, releasing numerous open source tweaks.

*Session 2:* Techniques to bypass security restrictions when testing
Android Apps.

Description: In order to perform Android penetration test, bypassing device
hurdles is a must.  This session will discuss the various methods to bypass
several silly hurdles within a mobile app, including root detection and SSL
Pinning. The session will discuss the disassembly of Android Apps, learning
the basics of the Smali notation, the process of modifying an Android App
to strip off Root detection mechanisms, and assembling and signing Android
Apps.

 Hardware/Software Requirements: Laptop with the following tools installed
and working: Android SDK, ADB (Android Debug Bridge), APKTool, Jarsigner,
and Keytool.

*BIO:* Pavan Walvekar is a Security Engineer at Data Theorem, Inc., a
mobile application security company. At Data Theorem, Pavan leads the
Mobile Research team for Android, focusing on next-generation security
threats and privacy breaches. Furthermore, Pavan is part of the core team
that designed Data Theorem's mobile scanning engine, which focuses on iOS,
Android, and Windows Phone apps. Pavan's research includes several
whitepapers, including JavaScript Code Execution on Android Apps, Race
Conditions on Custom Android Permissions, and Data Encryption for Mobile
Applications, all of which can be found here: http://datatheorem.github.io/
blog/.

Again, please don't forget to fill the form.

*meetup page:-*https://www.meetup.com/Bay-Area-OWASP/events/247592106/\
Prashant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bayarea/attachments/20180208/92ad4f48/attachment.html>


More information about the Owasp-bayarea mailing list