Mobile Penetration Testing of Android Applications
Do you already know some computer and network ethical hacking? What about moving forward and applying it to mobile apps as well? This course is for beginners and may be useful for some advanced users as well.
The Android Hacking and Penetration Testing course is a hands-on video course. The course will focus on the tools and techniques for testing the security of Android mobile applications. Android is the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages. In this video you will learn how to hack Android applications.
In this course you will apply web hacking techniques you already know in the Android environment. Furthermore, we are going to explore the OWASP Top Ten most common mobile and web vulnerabilities. This is an intermediate level course.
A few words about myself and my experience as a penetration tester.
The course is for you if you want to become an ethical hacker, or if you are a developer who wants to understand how to test and secure your application.
The course will focus on the tools and techniques for testing the security of Android mobile applications.
Android Development Tools
In this video you will learn about Android Studio, the main framework used to develop Android Applications.
In this video I will talk about Android Debug Bridge, or ADB.
Emulator or real device? What to choose? Advantages vs disadvantages are explained in this video.
Why is Android rooting important?
In this video I will show you how to set up a proxy in various emulators. Furthermore, you will learn basic information about Burp Suite.
In this video I will show you how to add a CA certificate to the Android emulator.
In this video we will set up our environment using a vulnerable Android application.
Android Application Review. Reverse Engineering and App Analysis
In this video I will speak about the content and structure of APK files and of the Android manifest XML file.
In this and the next videos we will speak about reverse engineering Android applications.
In this video we will decompile and recompile an APK file using apktool.
In this video we will learn how we can access the APK source files directly on our Android device or emulator using Dexplorer.
In this video we will discuss static and dynamic analysis of Android Applications.
In this video you will learn how to perform a static analysis using QARK.
In this video you will learn how to perform a dynamic analysis using Inspeckage.
Perform both static and dynamic analysis using MobSF.
Perform a vulnerability scanning and exploitation using Drozer.
In this video I will show you how to intercept traffic generated by your emulator using Wireshark.
In this video we will perform an Intent Sniffing attack for the Insecure Bank application.
In this video I will show you how to discover, mitigate and exploit username enumeration and username and password brute force using Burp.
Bypass Certificate Pinning
In this video I will explain some basic concepts of SSL certificate pinning.
In this video I will show you how to perform an automatic SSL pinning.
In this video I will perform a manual bypass of SSL certificate pinning by reverse engineering an application, changing its code and recompiling it.
Next Steps and Conclusions
In this video you will learn how to generate an .apk backdoor for an Android device and use it to remotely control and exfiltrate data such as SMS, geolocation, calls, contacts and so on.
In this video I will guide you through a penetration testing cheat sheet.
We will cover the OWASP top ten mobile vulnerabilities, but in this case we will talk about ways to test for each specific vulnerability.
Also, we will discuss other category-based threats, such as application, web, network and physical based threats.
In the end I will present a list of additional tools that you can further explore and use, depending on your project.
In this video we will go through OWASP’s Top Ten most common mobile vulnerabilities.
In the links provided you will also find useful resources about each of the vulnerabilities: further explanations and examples, and tutorials on how to check for and exploit this kind of vulnerability.
In this video I will present you a list of specific tools that you can further use to search for vulnerabilities in mobile apps. Furthermore, we will go through OWASP's top ten web vulnerabilities, which may also apply to mobile applications. It's a starting point for further research.
If you are a developer, a security guideline may turn out to be really useful for you. Therefore, I found an interesting document to remind you to cover some security aspects in your future application.
Sometimes you have to test an app, but you don’t have access to the APK directly, only a name or a link to Google Play. What can you do?