
The Mobile Security Special - Melbourne Chapter (Virtual) Meetup - 23rd Nov 2021

Hosted By
Dan T.

Details

If you are into mobile app security, don't miss this.
We've got 2 solid presentations, 3 amazing speakers.

Presentations:
Refactoring the OWASP MSTG and MASVS

In this talk we will share the ongoing and planned changes that are happening to the OWASP MSTG and MASVS projects in order to reach version 2.0. We will be focusing on:

  • Refactoring of the requirements in the MASVS
  • Refactoring of the test cases in the MSTG
  • Automation opportunities
  • New document structure for the MSTG
  • Plans for long-term maintainability of the MSTG
  • Revisiting the mobile attack surface
  • Sharing ideas about rule-based dynamic analysis

and many other things.

Bio - Authors of the MSTG and MASVS
[[ Carlos ]]
Carlos is a mobile security research engineer with NowSecure who has gained many years of hands-on experience in the field of security testing for mobile apps and embedded systems such as automotive control units and IoT devices. He is passionate about reverse engineering and dynamic instrumentation of mobile apps and is continuously learning and sharing his knowledge.

[[ Sven ]]
Sven is the Technical Director of F-Secure Singapore and has hands-on experience in attacking and defending web and mobile apps for the last 10+ years. He is giving talks and workshops about Mobile Security worldwide to different audiences, ranging from developers to students and penetration testers.

Cracking Android PINs

What if I told you that in 2021 you could still brute-force the PIN on an Android phone?

I will show you how to turn your Kali Nethunter phone into a brute-force PIN cracking machine. Unlike other methods this works on phones out of the box, so you won't need ADB access to your locked phone, or to have previously rooted the Operating System. While not every phone is vulnerable, many are, and the version of Android doesn't matter. Although Android itself is reasonably secure, each handset manufacturer has made their own lock-screen with custom brute-force protection and some of them are easily cracked.

Bio
[[ Andrew Horton ]]
Andrew Horton aka urbanadventurer has been in the information security space for over 10 years. During that time he has been fortunate to have been providing services to some of the world’s biggest companies and working alongside some of the most elite ethical hackers in the world. Andrew is best known for his open-source software contributions to the security community, forming part of the standard arsenal of penetration testers and blackhat hackers alike, along with mentions in university textbooks and professional methodologies. You can find some of his contributions in Kali Linux, the most popular Linux security distribution used daily by security professionals. Beyond penetration testing, Andrew is on the advisory boards of startups, mentors up-and-coming security professionals, occasionally gives conference presentations, and also hosts the popular information security news aggregator at https://www.morningstarsecurity.com/news.

The Schedule ( Melbourne Time )

17:45 hrs - Virtual doors open;
come hang out in our Discord (#chapter-au-melb).
18:00 hrs - Welcome, and introductions.
18:05 hrs - Refactoring the OWASP MSTG and MASVS by Carlos & Sven
18:35 hrs - Q&A with Carlos & Sven
18:40 hrs - Cracking Android PINs by Andrew Horton
19:10 hrs - Q&A with Andrew Horton
19:15 hrs - End formal presentations, social time. See Discord for details

Other Information

OWASP Melbourne Chapter’s Discord
https://discord.gg/uAWze2B

YouTube Channel
https://www.youtube.com/channel/UCDwRks28thuvwICPM5VgmSQ

Find out more?
More about the Chapter: https://owasp.org/www-chapter-melbourne/

Other Information:
Just a reminder to abide by our Code of Conduct: https://owasp.org/www-policy/operational/code-of-conduct.

OWASP Melbourne - Application Security