
Hacking Android Applications For Bug Bounty And Pentesting

Posted By: ELK1nG

Published 10/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.08 GB | Duration: 4h 42m

Learn to test Android applications using cutting-edge pentesting techniques and tools.

What you'll learn
Fundamentals of Android
Android Lab & Device setup for testing
Basics of Android pentesting
Advanced Android pentesting
Requirements
Basics of web application security
Basics of Linux
Description
This course is designed to help you kick-start your journey in Android pentesting with the right tools and methodology. Information security is an ever-changing field; we bring the latest methodology to set up your own environment and get your hands dirty with Android pentesting.

The course starts with basics such as Android architecture, the Android Run time (ART), and Android device rooting basics. It then moves on to intermediate concepts such as reversing Android apps and bypassing client-side restrictions such as root detection, SSL pinning etc. This course leverages multiple industry-known and open source applications to demonstrate the test cases.

This course also teaches you how to identify a variety of Android app vulnerabilities such as Insecure Data Storage, Insecure Logging, Weak Jailbreak detection, insecure end to end encryption, Access Control issues in REST API etc. Essentially, this course is designed to teach the general approach, from reversing the APK to understanding and identifying vulnerabilities, and modifying the application logic to run the modified application in the Android environment.

The highlights of this course are:
Fundamentals of Android
Lab Setup in Windows & Linux
Static & Dynamic Analysis
Intercept Traffic using Burpsuite
Root detection bypass
SSL Pinning Bypass
Patching apps using objection
Frida code share & Startup scripts
Reversing & patching applications manually
Smali Understanding
Identifying client side encryption
Real world findings walkthrough

See you inside the course!

Overview

Section 1: Introduction to Course

Lecture 1 Introduction to Course

Section 2: Fundamentals of Android

Lecture 2 Introduction to Android Architecture

Lecture 3 Android Run time (ART)

Lecture 4 Rooting Basics

Section 3: Setup Device and Lab

Lecture 5 Introduction to Genymotion

Lecture 6 Install apktool in Linux

Lecture 7 Install Frida Tools in Linux and Start Frida Server in Android

Lecture 8 Install adb in Linux

Lecture 9 Install Jadx in Linux

Lecture 10 Install MobSF in Linux

Lecture 11 Install Objection in Linux

Lecture 12 Install Runtime Mobile Security (RMS) in Linux

Lecture 13 Install Frida Tools in Windows

Lecture 14 Install apktool in Windows

Lecture 15 Install adb in Windows

Lecture 16 Install Jadx in Windows

Lecture 17 Install MobSF in Windows

Lecture 18 Install Objection in Windows

Lecture 19 Install Runtime Mobile Security (RMS) in Windows

Section 4: Static Analysis

Lecture 20 Pulling APK from device/playstore

Lecture 21 Decompile/Recompile apk using apktool

Lecture 22 Taking the android app apart

Lecture 23 Patching application manually to enable WebView debugging

Section 5: Analysis Types

Lecture 24 Static vs Dynamic

Section 6: Dynamic Analysis

Lecture 25 Intercept Traffic using Burpsuite

Lecture 26 Root Detection Bypass

Lecture 27 SSL Pinning Bypass

Lecture 28 Patching apps using objection

Lecture 29 Frida code share & Startup scripts

Section 7: Android Bug Hunt

Lecture 30 Insecure Data File Storage - Part 1

Lecture 31 Insecure Data File Storage - Part 2

Lecture 32 Insecure Data Storage - Example 1

Lecture 33 Insecure Data Storage - Example 2

Lecture 34 Insecure Data Storage - Example 3

Lecture 35 Hardcoding Issues - Example 1

Lecture 36 Hardcoding Issues - Example 2

Lecture 37 API Access Control Issues

Section 8: Real World Findings

Lecture 38 Report: Periscope android app deeplink leads to CSRF in follow action

Lecture 39 Report: Bypassing biometrics security functionality in Android

Lecture 40 Report: Insecure deeplink leads to sensitive information disclosure

Lecture 41 Report: Steal arbitrary files from mobile device

Lecture 42 Report: Disclosure of all uploads via hardcoded api secret in Android app

Lecture 43 Report: Insecure Data Storage in Vine Android App

Lecture 44 Report: No Session Expiry on Password change action

Section 9: Conclusion

Lecture 45 Conclusion

Beginner bug bounty hunters who want to learn Android security
Security enthusiasts who want to learn about Android security