Subho Halder
Mobile Device Management (MDM) apps route all traffic through managed VPNs, blocking traditional API interception methods. This creates major blind spots during security testing of high-privilege mobile apps.
KnoxSpy is a purpose-built tool that overcomes this limitation using dynamic instrumentation with Frida. It hooks into the target app’s network libraries to intercept traffic before it enters the MDM tunnel and after it exits, enabling real-time inspection and modification of API calls.
KnoxSpy allows security professionals to test APIs without breaking the MDM tunnel or modifying device policies. Requests can also be modified and reinjected seamlessly through the app’s own network stack.
Used successfully in multiple real-world assessments, KnoxSpy has helped uncover critical vulnerabilities in MDM-protected apps. A live demo will showcase how KnoxSpy enables deeper visibility into secured environments.
Subho Halder
CEO Appknox
Subho Halder is the Co-founder and CEO of Appknox, where he leads advanced research in mobile application security.
He’s spent over a decade deep in offensive security, with a focus on mobile kernel exploitation, runtime evasion, and real-world bypasses for things like RASP and root detection. Subho has shared his work at top conferences including Black Hat, Nullcon, OWASP Global AppSec, and Syscan, often blending hardcore technical research with practical attack demos.
At Appknox, Subho has helped protect more than 500 enterprise apps by embedding mobile security into CI/CD workflows and using real-device testing over emulators. His work has been instrumental in helping organizations in fintech, retail, and aviation catch what traditional tools miss.
By day, he runs a fast-growing SaaS security company. By night, he’s still reverse engineering mobile stacks and building tools that push the boundaries of what’s possible in appsec.