1. {elysiumsecurity}
MOBILE SECURITY ASSESSMENT
Version: 1.2a
Date: 29/08/2018
Author: Sylvain Martinez
Reference: ESC11-MUSCL
Classification: Public
cyber protection & response

2. {elysiumsecurity}
cyber protection & response
2
ADVANCEDTOOLSFRAMEWORKCONTEXT
• Assessment Scope;
• Mobile Assessment
Framework;
• Advanced Technics.
CONTENTS
Public
• Mobile usage
statistics;
• App usage statistics;
• Mobile security
context.
• Environment;
• Android Tools;
• IOS Tools;

3. {elysiumsecurity}
cyber protection & response
3
ADVANCEDTOOLSFRAMEWORKCONTEXT
MOBILE USAGE STATISTICS
Public Source: COMSCORE, May 2017

4. {elysiumsecurity}
cyber protection & response
4
ADVANCEDTOOLSFRAMEWORKCONTEXT
APP USAGE STATISTICS
Public Source: COMSCORE, May 2017

5. {elysiumsecurity}
cyber protection & response
5
ADVANCEDTOOLSFRAMEWORKCONTEXT
MOBILE SECURITY CONTEXT
Public Diagram Source: McAfee Mobile Threat Report Q1, 2018
SECURITY

6. {elysiumsecurity}
cyber protection & response
6
ADVANCEDTOOLSFRAMEWORKCONTEXT
ASSESSMENT SCOPE
Public
INFRASTRUCTUREWEB API APPLICATION
Icons from the noun project unless specified otherwise

7. {elysiumsecurity}
cyber protection & response
7
ADVANCEDTOOLSFRAMEWORKCONTEXT
MOBILE ASSESSMENT FRAMEWORK
Public SOURCE: ELYSIUMSECURITY LTD – Please refer to us when re-using this diagram

8. {elysiumsecurity}
cyber protection & response
8
ADVANCEDTOOLSFRAMEWORKCONTEXT
MOBILE ASSESSMENT FRAMEWORK
Public
FILESYSTEM
ANALYSIS
ANDROID: /DATA/DATA/APP_NAME
IOS: /PRIVATE/VAR

9. NETWORK
ANALYSIS
{elysiumsecurity}
cyber protection & response
9
ADVANCEDTOOLSFRAMEWORKCONTEXT
MOBILE ASSESSMENT FRAMEWORK
Public
MONITOR IP ADDRESSES AND URL

10. USAGE
ANALYSIS
{elysiumsecurity}
cyber protection & response
10
ADVANCEDTOOLSFRAMEWORKCONTEXT
MOBILE ASSESSMENT FRAMEWORK
Public

11. PSEUDO
CODE
ANALYSIS
{elysiumsecurity}
cyber protection & response
11
ADVANCEDTOOLSFRAMEWORKCONTEXT
MOBILE ASSESSMENT FRAMEWORK
Public SOURCE: ELYSIUMSECURITY LTD – Please refer to us when re-using this diagram
PASSWORD

12. {elysiumsecurity}
cyber protection & response
12
ADVANCEDTOOLSFRAMEWORKCONTEXT
ENVIRONMENT
Public
DISTRIBUTIONS
OS
APPLICATIONS

13. {elysiumsecurity}
cyber protection & response
13
ADVANCEDTOOLSFRAMEWORKCONTEXT
ANDROID TOOLS
Public
FILESYSTEM
ANALYSIS
ADB TOOLS
SSH
NETWORK
ANALYSIS
PROXY SETTINGS
ROGUE ACCESS POINTS
WIRESHARK
USAGE
ANALYSIS
YOUR THUMB!
DROZZER
PSEUDO
CODE
ANALYSIS
DEX2JAR
APKTOOL
JD-GUI

14. {elysiumsecurity}
cyber protection & response
14
ADVANCEDTOOLSFRAMEWORKCONTEXT
IOS TOOLS
Public
FILESYSTEM
ANALYSIS
USAGE
ANALYSIS
YOUR THUMB!
NETWORK
ANALYSIS
PROXY SETTINGS
ROGUE ACCESS POINTS
WIRESHARK
PSEUDO
CODE
ANALYSIS
UNZIP FOR RESOURCES
STRINGS
IDA, CLASS-DUMP
SSH TO JAILBROKEN PHONE

15. {elysiumsecurity}
cyber protection & response
15
ADVANCEDTOOLSFRAMEWORKCONTEXT
ADVANCED TECHNICS
Public
ANTI JAILBREAK DETECTION
SOFTWARE
NETWORK TRAFFIC THROUGH AN
IDS
CHANGE CODE AND RECOMPILE
(ANDROID)

16. {elysiumsecurity}
cyber protection & response
© 2018 ELYSIUMSECURITY LTD.
All Rights Reserved
www.elysiumsecurity.com
ELYSIUMSECURITY provides practical expertise to identify
vulnerabilities, assess their risks and impact, remediate those
risks, prepare and respond to incidents as well as raise security
awareness through an organization.
ELYSIUMSECURITY provides high level expertise gathered
through years of best practices experience in large
international companies allowing us to provide advice best
suited to your business operational model and priorities.
ABOUT ELYSIUMSECURITY LTD.
ELYSIUMSECURITY provides a portfolio of Strategic and Tactical
Services to help companies protect and respond against Cyber
Security Threats. We differentiate ourselves by offering
discreet, tailored and specialized engagements.
ELYSIUMSECURITY operates in Mauritius and in Europe,
a boutique style approach means we can easily adapt to your
business operational model and requirements to provide a
personalized service that fits your working environment.