4.47 out of 5
207 reviews on Udemy

Mobile Penetration Testing of Android Applications

Computer security is no more about PCs. Is your TV, fridge and mobile phone. Learn to audit mobile apps!
Gabriel Avramescu
2,359 students enrolled
English [Auto-generated]
Learn to audit or perform penetration tests agains Android applications
Learn tools and techniques
Perform real world attacks on Android Devices and Apps
Perform Certification Pinning bypass for most of Android Apps
Explore OWASP Top Ten Mobile and Web most common vulnerabilities
Android Malware Analysis

You already know some computer and network ethical hacking? What about moving forward and applying it to mobile apps as well? This course is for the beginners and may be useful for some advanced users as well.

Android Hacking and Penetration Testing course is a hands-on video course. The course will focus on the tools and techniques for testing the Security of Android Mobile applications. Android, the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages. In this video you will learn how to hack Android applications.

In this course you will apply web hacking techniques you already know on Android environment. Furthermore, we are going to explore OWASP Top Ten Mobile and Web most common vulnerabilities. This is an intermediate level course.


About the Author

A few words about myself and my experience as a penetration tester.

What to expect from this course

The course is for you, if you want to become an ethical hacker or for you, as a developer, if you want to understand how to test and secure your application.

The course will focus on the tools and techniques for testing the Security of Android Mobile applications. 

Android Development Tools

Android Studio

In this video you will learn about Android Studio, the main framework used to develop Android Applications.

Android Debug Bridge (ADB)

In this video I will talk about Android Debug Bridge or ADB

Environment Setup

Android emulator or Android Device?

Emulator or real device? What to choose? Advantages vs disadvantages are explained in this video.

Android rooting

Why Android rooting is important?

Setting up a Proxy for Android

In this video you will show you how to setup a proxy in various emulators. Furthermore, you will learn basic information about Burp Suite.

Installing CA Certificate

In this video I will show you how to add a CA certificate to Android emulator.

Android Vulnerable Application Setup

In this video we will setup our environment using a vulnerable android application.

Android Application Review. Reverse Engineering and App Analysis

APK file Structure. AndroidManifest XML file

In this video I will speak about the content and structure of apk files and of the android manifest xml file.

Reversing to get Source code of the Application - decompiling with dex2jar

in this and next videos we will speak about reverse engineering android applicatios

Reversing and Re-compiling With APKTool

In this video we will decompile and recompile an apk file using apktool

APK Teardown in a Nutshell using Dexplorer on your Android Device

In this video we will learn how we can access the apk source files directly on our Android device or emulator using Dexplorer

Static vs Dynamic Analysis

In this video we will discuss static and dynamic analysis of Android Applications.

Static Analysis of Android Application using QARK

In this vide you will learn how to perform a static analysis using QARK

Dynamic Analysis of Android Application using Inspeckage and Xposed

In this video you will learn how to perform a dynamic analysis using Inspekage.

MobSF - Mobile-Security-Framework. Malware analysis

Perform both static and dynamic analyse using MobSF

Automated Security Assessments with Drozer

Perform a vulnerability scanning and exploitation using Drozer.

Intercept traffic using Wireshark and tcpdump

In this video I will show you how to intercept traffic generated by your emulator using Wireshark.

Intent Sniffing

In this video we will perform Intent Sniffing attack for the Insecure Bank application

Fuzzing using Burp - Password Brute-Force. Username enumeration

In this video I will show you how to discover, mitigate and exploit username enumeration and username&password brute force using Burp.

Bypass Certificate Pinning

General Description

In this video I will explain some basic concepts of ssl certificate pinning

Automatic bypass of certificate pinning

In this video I will show you how to perform an automatic ssl pinning.

Manual bypass of certificate pinning

In this video I will perform a manual bypass of ssl certificate pinning by reverse engineering an application, changing its code and recompiling it.

Next Steps and Conclusions

Bonus - Take control over an Android phone using metasploit

In this video you will learn how to generate an .apk door backdoor for an android device and use it to remotely control and exfiltrate data such as SMS, geolocation, calls, contacts and so on.

Penetration Testing Cheat Sheet

In this video I will guide you trough a penetration testing cheat sheet

We will cover owasp top ten mobile vulnerability, but in this case we will talk about way to test for that specific vulnerability.

Also, we will discuss other category-based threats, such as application, web, network and physical based threats.

In the end I will present a list of additional tools that you can further explore and use, depending on your project.

OWASP Top 10 Mobile Vulnerabilities and Attacks

In this video we will go trough OWASP’s Top ten The Most Common Mobile Vulnerabilities. 

You will also find useful resources on the links provided, about each of the vulnerabilities, further explanations and examples, tutorials of how to check and exploit this kind of vulnerability. 

Further research - Automatic and Manual Scanning for Vulnerabilities

In this video I will present you a list of specific tools that you can further use to search vulnerabilities in the mobile apps. Furthermore, we will go trough the OWASP's top ten web vulnerabilities, that may also apply to the mobile applications. It's a start point for further research.

For Developers - Android Security Guidlines

If you are a developer, a secure guideline may turn up rally useful for you.Therefore, I found an interesting document to remind you to cover some security aspects in your future application.

Bonus - Easily download any APK file from Google Play directly on your PC

Sometimes you have to test an app, but you don’t have acces to the apk directly, only a name or a link to google play. what can you do?

Final Words

(Bonus) Web Penetration Testing

Further information
Core Problems - Why Web Security
Spider and Analyze a Website using Burp
Brute-frocing Web Resources using Dirb and Dirbuster
SQL injection
Exploiting SQLi using Sqlmap and Getting Remote Shell
Upload and Remote File Execution

(Bonus) Learn Burp for advanced mobile and web pentesting

Alternative setup - Download Burp. Free vs Paid
Proxy - General Concept
Target Module
Proxy Module - part 1
Proxy Module - part 2
You can view and review the lecture materials indefinitely, like an on-demand channel.
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don`t have an internet connection, some instructors also let their students download course lectures. That`s up to the instructor though, so make sure you get on their good side!
4.5 out of 5
207 Ratings

Detailed Rating

Stars 5
Stars 4
Stars 3
Stars 2
Stars 1