In February, the Hackerinnen Training will focus on the topic of Mobile Security.
Mobile Security Workshop: Dynamic Analysis with Frida
In this workshop, you will learn how to analyze and manipulate Android and iOS apps at runtime – without knowing the source code. Using Frida, we will instrument apps “live,” hook into relevant methods (e.g., crypto, authentication, networking), observe data flows, and bypass common protection mechanisms such as root/jailbreak checks, certificate pinning, or debugger detection.
The goal is to provide a hands-on introduction to mobile app pentesting and reverse engineering, with a focus on reproducible setups and practical workflows.
Content
- Frida basics: architecture, client/server, spawn vs. attach
- First hooks: finding and intercepting Java/ObjC methods
- Typical use cases:
  - Observing and manipulating API calls and parameters
  - Tracing crypto calls (e.g., AES/RSA/Keystore)
  - Analyzing login and token flows
  - Bypassing certificate pinning (hands-on)
- Logging, stability, and a brief overview of anti-instrumentation
- Clean documentation of findings (for reports/teams)
Prerequisites
- Basic knowledge of Linux / command line
- Basic JavaScript skills (for Frida scripts)
- Helpful: basic understanding of Android/iOS (APK/IPA, app lifecycle)
Outcome
By the end of the workshop, you will be able to set up a complete environment, instrument a target app, write and adapt meaningful hooks, and understand typical mobile security challenges in a realistic testing environment.
Speaker
Marcel Schnideritsch works at CANCOM, teaches at HTL Kaindorf, and is also involved in mentoring the Austrian Cyber Security Challenge of the CSA.
Registration
Please register via forms.
Target group: This training is exclusively for women and FINTA*.
