Android Pentesting 101
Published 8/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.72 GB | Duration: 4h 53m
Complete A-Z course on Android Penetration Testing & Android Bug Bounty Hunting with practical explanations
What you'll learn
OWASP Mobile Top 10
Rooting an Android device
Android Basics & how applications work on Android devices
Android Security
Cybersecurity
Android Penetration Testing
Static Analysis
Dynamic Analysis
Live Attacks
Bug Bounty
Requirements
No programming experience required
Basic computer skills
An Android device/emulator (do not use your personal device)
Willingness to learn!
Description
Welcome to the Android Pentesting 101 Course. This course covers how security works on Android devices and how vulnerabilities can be found in Android applications. The course starts with the basics of setting up your hacking environment and then gradually moves on to how security works in Android applications. The course also shows you the different types of emulators and how you can root your Android device. The course also covers the OWASP Mobile Top 10, going through all of its categories with practical examples. The course also includes a detailed overview of Android concepts such as the Dalvik VM, Android Components, the Android Architecture Stack, etc. The course also shows you how you can decompile and reverse engineer a particular Android application to get the source code.
The major section of Android Pentesting is the Static and the Dynamic Analysis, where most of the vulnerabilities are covered with practical approaches. These approaches can also be used to find vulnerabilities in bug bounty programs.
At the end of the course, you will be exposed to certain Tips and Tricks that will help you upgrade your Android Pentesting skills. These tips will help you to differentiate yourself from others.
This course also includes the vulnerabilities found in Live Targets for better understanding.
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Disclaimer
Section 2: Setting Up your hacking environment!
Lecture 3 Setting up Mobexler
Lecture 4 Emulators
Lecture 5 Setting up Genymotion - Android Emulator
Lecture 6 Setting up Android Studio Emulator - Android Emulator
Lecture 7 Setting up Nox Player
Lecture 8 Rooting
Lecture 9 Connecting BurpSuite with Android Device
Lecture 10 Installing your first application DIVA
Section 3: Getting started with Android
Lecture 11 Introduction to Android Applications
Lecture 12 Android Architecture Stack
Lecture 13 Android Components
Lecture 14 Android File System
Lecture 15 Android Data Storage Options
Lecture 16 Transferring data between Device and PC
Lecture 17 Extracting Applications using APK Extractor
Lecture 18 Decompiling Applications using dex2jar
Lecture 19 Decompiling applications using Jadx GUI
Section 4: Android Basics
Lecture 20 APK Contents
Lecture 21 Dalvik
Lecture 22 Smali
Lecture 23 Webviews
Lecture 24 Application Signing & Verification
Lecture 25 AndroidManifest.xml file
Section 5: OWASP Mobile TOP 10
Lecture 26 What is OWASP?
Lecture 27 M1: Improper Platform Usage
Lecture 28 M2: Insecure Data Storage
Lecture 29 M3: Insecure Communication
Lecture 30 M4: Insecure Authentication & M5: Insufficient Cryptography
Lecture 31 OWASP M6, M7, M8, M9, M10
Lecture 32 OWASP Mobile Top 10 2023
Section 6: Static Analysis
Lecture 33 What is Static Analysis
Lecture 34 MobSF
Lecture 35 Cloudsek BeVigil
Lecture 36 Yaazhini
Lecture 37 SharedPreferences Analysis
Lecture 38 Analysing other data storage options
Lecture 39 Logcat
Lecture 40 Pidcat
Lecture 41 Hardcoded Credentials
Lecture 42 Drozer
Lecture 43 Exploiting Applications using Drozer
Lecture 44 Firebase Misconfigurations
Lecture 45 Pasteboard
Lecture 46 Hot Patching
Lecture 47 WebView Related Vulnerabilities
Section 7: Dynamic Analysis
Lecture 48 Setting up platform tools
Lecture 49 ADB
Lecture 50 Frida & Objection
Lecture 51 Frida-CodeShare
Lecture 52 Bypassing Root Detection using Frida
Lecture 53 Bypassing Root Detection using Medusa
Lecture 54 Bypassing Root Detection using Objection
Lecture 55 Bypassing Root Detection using Magisk
Lecture 56 Bypassing SSL Pinning using Frida
Lecture 57 Bypassing SSL Pinning using Objection
Lecture 58 Bypassing SSL Pinning by overwriting packaged CA Certificate with custom CA Cert
Lecture 59 Bypassing SSL Pinning using android-unpinner
Lecture 60 Fingerprint Detection Bypass
Section 8: Progressive Web Application Attacks
Lecture 61 Progressive Web Applications - Introduction
Lecture 62 Bypassing Root and SSL Pinning in PWAs
Section 9: Live Attacks
Lecture 63 Disclaimer
Lecture 64 Live Attack 1: Insecure Permissions
Lecture 65 Live Attack 2: Application Signing & Janus Vulnerability
Lecture 66 Live Attack 3: Hardcoded Credentials
Lecture 67 Live Attack 4: Shared Preferences
Lecture 68 Live Attack 5: Insufficient Cryptography
Lecture 69 Live Attack 6: Non Parameterized SQL Query
Lecture 70 Live Attack 7: Insecure Logging
Lecture 71 Live Attack 8: Webview XSS
Lecture 72 Live Attack 9: Pasteboard Monitor
Lecture 73 Live Attack 10: Screenshot and Background Screen Caching
Lecture 74 Live Attack 11: Root Detection Bypass + SSL Pinning Bypass
Lecture 75 Live Attack 12: Fingerprint Bypass
Lecture 76 Live Attack 13: No Rate Limit
Lecture 77 Live Attack 14: Authentication Issues - Status and Response Code Manipulation
Lecture 78 Live Attack 15: Business Logic Issue
Lecture 79 Live Attack 16: Flutter APK Root & SSL Pinning Bypass
Section 10: Tips & Tricks
Lecture 80 Android Pentesting Checklist
Lecture 81 Android Pentesting Mindmap
Lecture 82 Android Pentesting Nuclei Templates
Lecture 83 Android Pentesting Reports Private
Lecture 84 Using objection & Frida without Rooting the device
Lecture 85 Android Frida Scripts
Lecture 86 Android Bug Bounty Journey
Section 11: Bonus Lecture: Conclusion & Links
Lecture 87 Conclusion
Lecture 88 Links - Bonus
Beginners who want to learn about Android Penetration Testing, Mobile Application Developers, Security Researchers, Cyber Security Enthusiasts, Beginners who want to hunt vulnerabilities & security bugs in Android Applications, Bug Bounty Hunters