calderonpale.com

Aquí les comparto el temario y requisitos de mi próximo taller en Bugcon sobre búsqueda de vulnerabilidades en aplicaciones Android:

Temario

• Introducción a la arquitectura Android
• Formato APK
• Vulnerabilidades en aplicaciones Android
• Análisis estático
• Análisis dinámico

Prácticas

• Extraer información importante de apks
• Decompilar una aplicación
• Análisis de código fuente
• Detectar vulnerabilidades en almacenamiento inseguro
• Hijacking de intents
• Encontrar proveedores de contenido sin permisos de lectura o escritura
• Abusando de proveedores de contenido
• Análisis del tráfico de la aplicación
• Análisis de tráfico SSL
• Detectar vulnerabilidades en un proveedor de contenido
• Explotar vulnerabilidades de inyección SQL

Requisitos:

• Cable de datos
• VirtualBox

Por favor asegurense que su laptop tenga los drivers para detectar su dispositivo Android.

CHANGELOG

• Adds support for Android 4.2.
• Fixes auto-connect feature.

DOWNLOAD

Here or from the official Google Play market here.

I wanted to post one last time before 2012 is over and use this opportunity to thank everyone for their guidance, support and above all... good times. 2012 was very exciting for me as it brought many interesting opportunities to my personal life and career. 

Unfortunately I don't have enought time ( And I think I will bore you ) to go through all the events of my year but here is a quick recap:

• Our startup Websec that offers penetration testing services has positioned itself strongly in the mexican market.
• Mac2wepkey HHG5XX got very popular ( Although I wrote it in 2011 ) and passed the +2 million downloads mark
• Attended a lot more CONs and met a lot of very smart and awesome people. ( I even spoke/gave workshops in some of them! )
• My first book "Nmap 6: Network Exploration and Security Auditing Cookbook" got published! 

Once again, I feel honoured that people find my work useful and I thank everyone that has supported me or my work throughout the year.

Bring it on 2013!

Finalmente ya se puede adquirir mi libro enviado desde la ciudad de México!

http://websec.mx/compra-nmap-6-cookbook

Adicionalmente recuerden que si estan en otro país existen otras formas de compra: