Hacking and protection of Mobile Apps and backend APIs | 2024 Talsec Threat Modeling Exercise

Показать описание

Enjoy the ultimate threat modeling knowledge sharing refined through insights from hundreds of sessions with mobile security experts and shared with many CTOs, CISOs, and senior mobile developers who develop for Android, iOS, React Native, and Flutter.

It's ideal for team training workshops as a practical guide to better securing mobile apps and backend APIs, offering actionable insights.
- Threat Modeling
- TOFU (Trust On First Use)
- App and Device Enrollment
- Detection, Monitoring, and Security

It focuses on the most exploitable threat vectors, including
- Session Hijacking,
- Token Hijacking,
- Rooting and Jailbreaking (Magisk),
- App Impersonation,
- App Tampering,
- App Cloning,
- App Repackaging,
- Dynamic Hooking (Frida),
- Reverse Engineering
and respective prevention and remediation approaches like a RASP.

presented by Tomas Soukal.

00:00 Intro
03:55 Whoami Tomas Soukal
04:15 TOFU - Trust On First Use
06:18 Secure Application Sandbox?
10:38 Hacker’s Shopping List
14:20 App Cloning, Repackaging, Pirate Copies, Social Engineering
16:10 In-App Payments Theft
17:16 Repackaging Attack
18:40 Hooking
21:00 Try in your project: freeRASP
22:46 Reverse Engineering, Extraction of API keys, API attacks
25:59 How to protect App and API?
26:39 What data are sent in and out of the app?
27:21 Attack the Network Traffic with reFlutter
30:50 Common App and API threats
33:50 Malware, SMS stealers, Keyloggers, Tapjacking, Accessibility Services Misuse, Remote Control, Game Cheats and more
37:32 Overlay/Tapjacking
38:05 Screen Logger
38:52 Stealer/RAT
39:52 Common attacks

Quick links:

Talsec

Рекомендации по теме

Комментарии

hello i am a chines，can you help me to hook an app？

狂魔食翔

loved meeting your representants in 24fintech in saudi ! thank u for sharing this video as an app founder that comes from a cybersecurity background it'll build trust for me to my customers all love from saudi to zchechia and specially prague

saraf

Hacking and protection of Mobile Apps and backend APIs | 2024 Talsec Threat Modeling Exercise

watch how Hackers Remotely Control Any phone?! protect your phone from hackers now!

Hacking into Android in 32 seconds | HID attack | Metasploit | PIN brute force PoC

Cybersecurity Expert Demonstrates How Hackers Easily Gain Access To Sensitive Information

How to Prevent Android Phone Hacking and Protect Your Cell Phone

HACKING | Protect Yourself From Hackers | The Dr Binocs Show | Peekaboo Kidz

Watch This Russian Hacker Break Into Our Computer In Minutes | CNBC

Top 5 Ethical Hacking apps for Android |learn Ethical Hacking and Practice 2023 | #hacking

How Hackers Hijack Your Phone for Explosive Attacks / PAGER HACK

Can Someone Hack Your Phone With Just Your Number?

Ultimate smartphone security guide | How to secure your phone tutorial

How Hackers are Hacking Your Phone via Bluetooth

WhatsApp hacking security enable// how to WhatsApp security enable #shorts 😱😱😱

How to Stop Phone Hacking // How to Know Your Smartphone is Hacked

10 Clear Signs Someone's Controlling Your Phone Secretly

Hacking the Smartphone | Mobile Cyber Hack Demonstration

How to Protect Your Phone From HACKERS! - Full Guide

How To Protect Yourself From Bluetooth Hacking

'Unbelievable! What Hackers Can Do with YOUR IP Address...'

Watch these hackers crack an ATM in seconds

let's hack your home network // FREE CCNA // EP 9

When you first time install Kali linux for hacking 😄😄 #hacker #shorts

Hacking and protection of Mobile Apps and backend APIs | 2024 Talsec Threat Modeling Exercise

How to Protect Yourself Against Phone Hacking - Crime Watch Daily

Phone Hacking - How To Protect Yourself?