Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.
Tuesday, June 5 • 10:00 - 12:00
I’ve got 99 problems but a pin ain’t one


In this workshop we’ll be covering certificate pinning, with some focus on mobile applications. We’ll be discussing the trade-offs of different pinning strategies and how they can be bypassed. There will be a significant practical component covering what was discussed.

* Introduction
        * What is certificate pinning?
        * Why should you always pin?
        * Where and what to pin?
* So… how should you pin?
        * iOS
        * Android
* Exercises (all involve bypassing certificate pinning)
        * Patching / Re-packaging / Re-signing an Android APK
        * Code review
        * Runtime instrumentation with Frida


Students will need a system (*NIX or Windows) with the following installed and working:
* unzip
* zipalign
* apktool
* jd-gui (or your Java decompiler of choice)
* dex2jar
* frida (pip install frida; frida --version)
* Burp Suite (or your HTTP proxy of choice)
* Text editor of your choice
* Genymotion Android Emulator
* If you can, bring your own rooted Android device (anything above 5.1 should work)


Jose Lopes

I'm a Senior Security Consultant at Nettitude Ltd. I specialise in application and software security – mainly mobile applications and thick clients. My interests include reverse engineering, privacy, and going fast on motorcycles.

Tuesday June 5, 2018 10:00 - 12:00 BST
Workshop 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD