Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Mirue2021-04-08 17:32:33
Information Security
Mirue, 2021-04-08 17:32:33

What are five questions you can ask a (senior) mobile app reverse engineer?

They set me the task of finding us a reverse engineer for mobile applications.
Finding something is not very easy, let alone interviewing ... And then the tech lead went into a binge and does not answer. And who to dig?

To my great regret, on a Google request for "top 5 questions for a reverse engineer of mobile phones" I am shown a reproductive organ from links to "how to become a reverse engineer" and everything else. My dear colleagues would like to help, but the profile is not theirs.
Asking standard questions, as easy as it is for mobile application developers, seems not very incorrect.

Job requirements include: knowledge of Android and ios architecture; sast, dast, iast, java, swift, kotlin, python, c/c++, encryption, obfuscation for mobile platforms, Wireshark experience, SSL Pinning)

What five questions can I record in a video and show the tech lead after they get off their binge?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
D
Dimonchik, 2021-04-08
@Mirue

1) latest version of burp suite
2) which mitm proxy used and how it masked
3) how sslstrip works
*
PROFIT!!!

Report
S
Saboteur, 2021-04-08
@saboteur_kiev

Asking standard questions, as easy as it is for mobile app developers, doesn't seem very correct.

Quite correctly, a reverse engineer must be a good developer, with an in-depth understanding of the platform architecture and debugging.
Well, without a technical specialist, video answers are not the best thing. For according to the answers, a good specialist immediately understands what additional question to ask in order to make sure that the candidate understands what he is talking about.

Report
C
calculator212, 2021-04-09
@calculator212

As an option, read the article https://habr.com/en/company/kaspersky/blog/203228/ .
But if no one understands anything in the reverse, then you will not be able to adequately check a person on several issues, especially since you noticed a specific area.

java, swift, kotlin, python, c/c++
Do you really think that someone really uses so many languages? It would be better to divide into languages ​​that are the main tool and auxiliary, because. someone had experience with all these languages, but in one he wrote for 10 years in production, and the other poked around a couple of times at home on the weekends.

Similar questions
D
Dysnystaxis2016-03-05 08:22:50
What to do for security in linux on a home machine? 10Reply
A
Alistair O2018-07-27 06:10:11
How to find the application that calls WScript.exe? 2Reply
R
r85qPZ1d3y2016-03-08 16:52:31
AdvOR stopped working, server change, or toru kerdyk? 2Reply
M
MaksSmag2020-07-16 14:56:52
Why doesn't Fail2Ban block or kick IPs on failed attempts? 3Reply
A
a1ien_n3t2016-03-09 18:48:58
Payment in a frame, is it safe? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question