Hacking Android Applications For Bug Bounty And Pentesting
Published 10/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.08 GB | Duration: 4h 42m
Learn to test Android applications using cutting-edge pentesting techniques and tools.
What you'll learn
Fundamentals of Android
Android Lab & Device setup for testing
Basics of Android pentesting
Advanced Android pentesting
Requirements
Basics of web application security
Basics of Linux
Description
This course is designed to kick-start your journey into Android pentesting with the right tools and methodology. Information security is an ever-changing field, so we bring the latest methodology to set up your own environment and get your hands dirty with Android pentesting.

The course starts with basics such as Android architecture, the Android Runtime (ART), and the fundamentals of rooting an Android device. It then moves on to intermediate concepts such as reversing Android apps and bypassing client-side restrictions like root detection and SSL pinning. The course leverages several industry-known and open source applications to demonstrate the test cases.

The course also teaches you how to identify a variety of Android app vulnerabilities, such as insecure data storage, insecure logging, weak jailbreak detection, insecure end-to-end encryption, and access control issues in REST APIs. Essentially, it teaches the general approach: reversing the APK, understanding and identifying vulnerabilities, modifying the application logic, and running the modified application in the Android environment.

The highlights of this course are:
Fundamentals of Android
Lab setup in Windows & Linux
Static & dynamic analysis
Intercept traffic using Burpsuite
Root detection bypass
SSL pinning bypass
Patching apps using objection
Frida code share & startup scripts
Reversing & patching applications manually
Understanding Smali
Identifying client-side encryption
Real world findings walkthrough

See you inside the course!
Overview
Section 1: Introduction to Course
Lecture 1 Introduction to Course
Section 2: Fundamentals of Android
Lecture 2 Introduction to Android Architecture
Lecture 3 Android Runtime (ART)
Lecture 4 Rooting Basics
Section 3: Setup Device and Lab
Lecture 5 Introduction to Genymotion
Lecture 6 Install apktool in Linux
Lecture 7 Install Frida Tools in Linux and Start Frida Server in Android
Lecture 8 Install adb in Linux
Lecture 9 Install Jadx in Linux
Lecture 10 Install MobSF in Linux
Lecture 11 Install Objection in Linux
Lecture 12 Install Runtime Mobile Security (RMS) in Linux
Lecture 13 Install Frida Tools in Windows
Lecture 14 Install apktool in Windows
Lecture 15 Install adb in Windows
Lecture 16 Install Jadx in Windows
Lecture 17 Install MobSF in Windows
Lecture 18 Install Objection in Windows
Lecture 19 Install Runtime Mobile Security (RMS) in Windows
Section 4: Static Analysis
Lecture 20 Pulling APK from device/playstore
Lecture 21 Decompile/Recompile apk using apktool
Lecture 22 Taking the android app apart
Lecture 23 Patching application manually to enable WebView debugging
Section 5: Analysis Types
Lecture 24 Static vs Dynamic
Section 6: Dynamic Analysis
Lecture 25 Intercept Traffic using Burpsuite
Lecture 26 Root Detection Bypass
Lecture 27 SSL Pinning Bypass
Lecture 28 Patching apps using objection
Lecture 29 Frida code share & Startup scripts
Section 7: Android Bug Hunt
Lecture 30 Insecure Data File Storage - Part 1
Lecture 31 Insecure Data File Storage - Part 2
Lecture 32 Insecure Data Storage - Example 1
Lecture 33 Insecure Data Storage - Example 2
Lecture 34 Insecure Data Storage - Example 3
Lecture 35 Hardcoding Issues - Example 1
Lecture 36 Hardcoding Issues - Example 2
Lecture 37 API Access Control Issues
Section 8: Real World Findings
Lecture 38 Report: Periscope android app deeplink leads to CSRF in follow action
Lecture 39 Report: Bypassing biometrics security functionality in Android
Lecture 40 Report: Insecure deeplink leads to sensitive information disclosure
Lecture 41 Report: Steal arbitrary files from mobile device
Lecture 42 Report: Disclosure of all uploads via hardcoded api secret in Android app
Lecture 43 Report: Insecure Data Storage in Vine Android App
Lecture 44 Report: No Session Expiry on Password change action
Section 9: Conclusion
Lecture 45 Conclusion
Beginner bug bounty hunters who want to learn Android security
Security enthusiasts who want to learn about Android security