2024-07-20, Track 1
This is a technical and theoretical talk on an alternative approach to bypassing certificate pinning by using Frida to change values in memory. It will cover my research on certificate pinning over the last few months, mainly within an Android mobile context.
This approach differs from the usual approach of using function hooking by being more difficult, less practical and far less reliable. This is a novel technique for bypassing a security control, rather than being a vulnerability.
The following sections will be covered in the talk:
- Introduction to what certificate pinning is.
- The different methods typically employed to implement certificate pinning.
- How certificate pinning is typically bypassed.
- Using memory patching to bypass certificate pinning.
- Future research and understanding where OpenSSL fits in. (Hint: everywhere)
Security analyst @ OrangeCyberdefense with a keen interest in mobile security and electronics.