Mobile Pentest Survival Guide Reloaded — Live at Mind the Sec 2025
- Date: September 16, 2025
- Time: 10:30 a.m. EDT | 11:30 a.m. BRT
- Location: Dr. Mario Vilas Boas Rodrigues Avenue, 387 Santo Amaro, São Paulo - SP, 04757-020

Bishop Fox Senior Security Consultant II Luis de la Rosa takes the stage at Mind the Sec 2025 with a practical, demo-driven session on mobile penetration testing in corporate environments. Learn the essential toolchain, how to bypass SSL pinning and root/jailbreak detection, and techniques for bypassing Android SafetyNet and Play Integrity. Luis also breaks down the most common mobile findings, from insecure data storage to auth/session flaws, and how to fix them. Perfect for pentesters, red teamers, mobile developers, and defenders looking to sharpen real-world Android/iOS assessment skills.
For full details, visit the conference website.
"Mobile Pentest Survival Guide Reloaded"
Speakers: Luis De la Rosa, Security Consultant II
Date/Time: September 16, 2025 at 10:30-11:50 a.m. EDT
Abstract: "Mobile Pentest Survival Guide Reloaded" is a practical guide that will walk you through the key steps of mobile pentesting in corporate environments, providing the tools, techniques, and knowledge needed to address and overcome today's mobile security challenges. The presentation includes real-world examples, live demonstrations, and practical tips that will allow you to immediately apply what you've learned to your security assessments.
The following points will be covered during the lecture:
- Required Tools: A review of essential tools for mobile penetration testing will be provided. From static and dynamic analysis solutions to specialized reverse engineering and task automation utilities, a comprehensive guide to software and scripts that facilitate the pentester's work will be provided.
- SSL Pinning Bypass: Techniques and methods used to escape SSL Pinning mechanisms implemented in mobile applications will be explored.
- Root Detection Bypass: This talk will cover strategies for bypassing rooted device detection using automated methods and the creation of Frida hooks to intercept and modify validation logic in real time. The talk will explain how these techniques enable continuous evaluation even in secure environments.
- SafetyNet and Play Integrity Bypass: This tutorial will explore Android protections like SafetyNet and Play Integrity, describing how they work and presenting techniques to bypass these security measures. Current challenges and best practices for effectively performing this type of bypass will be discussed.
- Mobile Penetration Testing Findings: The most common findings found during mobile application assessments will be presented, such as insecure data storage, authentication vulnerabilities, and session management issues, among others. Additionally, recommendations will be offered to mitigate these vulnerabilities and improve overall application security.
Target audience: Pentesters / Red Teamers, Bug bounty hunters, Mobile application developers, Cybersecurity students and Community interested in mobile security