2026
Mobile device interception with MikroTik
Preamble Anybody who has had a conversation with me about networks probably knows that I’m a bit of a MikroTik fanboy, and for good reason. I am also a long-time user and supporter of OpenWrt which makes my enthusiasm for MikroTik even more significant. Somewhere around 16 years ago I got my first router (TP-Link WR1043ND), my first introduction to OpenWrt, and my first USB-serial cable after accidentally flashing an update to the wrong place and bricking the router. I was amazed at how versatile the platform was, the fact that I could run arbitrary services on my router, limited only by its meagre resources.
OpenSSL, Certpinning and Memory patching. Sounds fun right?
This blogpost will cover the research I presented at BSides JoBurg. You can watch the talk on YouTube, and code can be found on our GitHub page.
This journey started after having looked at some certificate-pinned apps.
The majority of apps that appear to implement cert pinning, don’t actually have cert pinning but rather just use a custom trust manager or are not proxy aware (this also applies to things like Flutter). Thus the first step is to ensure application traffic is forced through our proxy. I utilised an OpenVPN server when working with a physical device and the Android emulator proxy settings when working with a virtual device.
From flat networks to locked up domains with tiering models
I’ve been performing internal assessments for seven years and out of all the things I have learnt, one is certain: without a proper tiering model, security tools alone won’t stop your organization from collapsing after a major compromise.
In this post I’ll explain what a tiering model is, how to break a flat network even when protections are present, and, most importantly, how to build a defense-in-depth network providing practical tips and diagrams.
Page 1 of 1