THOTCON - What the Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing

Date & Time:
Past Event
Bishop Fox speaking engagements on offensive security research and tools.

Millions of people rely on mobile e-ticketing applications to get from Point A to Point B every day. These applications serve as vital components for mass transit and essentially power America's major cities. But thanks to Frida - a well-known but not very popular dynamic instrumentation framework - you can easily reverse engineer mobile e-ticketing applications. In this talk, we'll explore new application-specific attack avenues using Frida. We will be leaving the jailbreak bypasses and SSL pinning bypasses of yesteryear by the wayside as we explore a new attack vector. We'll use Frida's code injection and module loading capabilities to demonstrate e-ticket forging and e-ticket "stealing." (And your commute just became that much less of a pain). Expect to learn the analysis of intermediate-level obfuscation measures such as encrypted HTTP body and encrypted application storage in mobile applications, which can be instrumental in uncovering security vulnerabilities.

Senior Security Analyst Priyank Nigam will present What the Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing at THOTCON in Chicago this May 2019.

Check out some of Priyank Nigam's recent security advisories in the meantime - some of these will be discussed during the presentation.


Priyank nigam

About the speaker, Priyank Nigam

Senior Security Consultant

Priyank Nigam (OSCP, OSWP, GCFE) is a Senior Security Consultant at Bishop Fox. He focuses on source code reviews, web and mobile application penetration testing, and network security. As a researcher, he is interested in all things offensive security, reverse engineering, mobile security, Internet of Things.
More by Priyank

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.