最新消息:请大家多多支持

Android Pentesting 101

教程/Tutorials dsgsd 95浏览 0评论

Published 8/2023
MP4 | Video: h264, 1280×720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.72 GB | Duration: 4h 53m

Complete A-Z course on Android Penetration Testing & Android Bug Bounty Hunting with practical explanations

What you’ll learn
OWASP Mobile Top 10
Rooting an Android device
Android Basics & how applications work on Android devices
Android Security
Cybersecurity
Android Penetration Testing
Static Analysis
Dynamic Analysis
Live Attacks
Bug Bounty

Requirements
No programming experience required
Basic computer skills
A Android device/emulator (Do not use your personal device)
Willingness to learn!

Description
Welcome to the Android Pentesting 101 Course. This course covers about how security works in Android devices and how vulnerabilities can be found in Android applications. The course starts with the basics of how you can set up your hacking environment and then gradually moves on to how security works in Android Applications. The course also shows you the different types of Emulators and how you can Root your Android Device. The course also covers OWASP Mobile Top 10 and would cover all the categories of OWASP Mobile Top 10 with practical examples. The course also includes a detailed overview of Android Concepts such as Dalvik VM, Android Components, Android Architecture Stack, etc. The course also shows you how you can decompile and reverse engineer a particular Android application to get the source code.The major section of Android Pentesting is the Static and the Dynamic Analysis where most of the vulnerabilities would be covered with practical approaches. These approaches can also be used to find vulnerabilities in bug bounty programs.At the end of the course, you would be exposed to certain Tips and Tricks that will make your upgrade Android Pentesting skills. These tips will help you to differentiate yourself from others.This course also includes the vulnerabilities found in Live Targets for better understanding.

Overview
Section 1: Introduction

Lecture 1 Introduction

Lecture 2 Disclaimer

Section 2: Setting Up your hacking environment!

Lecture 3 Setting up Mobexler

Lecture 4 Emulators

Lecture 5 Setting up Genymotion – Android Emulator

Lecture 6 Setting up Android Studio Emulator – Android Emulator

Lecture 7 Setting up Nox Player

Lecture 8 Rooting

Lecture 9 Connecting BurpSuite with Android Device

Lecture 10 Installing your first application DIVA

Section 3: Getting started with Android

Lecture 11 Introduction to Android Applications

Lecture 12 Android Architecture Stack

Lecture 13 Android Components

Lecture 14 Android File System

Lecture 15 Android Data Storage Options

Lecture 16 Transferring data between Device and PC

Lecture 17 Extracting Applications using APK Extractor

Lecture 18 Decompiling Applications using dex2jar

Lecture 19 Decompiling applications using Jadx GUI

Section 4: Android Basics

Lecture 20 APK Contents

Lecture 21 Dalvik

Lecture 22 Smali

Lecture 23 Webviews

Lecture 24 Application Signing & Verification

Lecture 25 AndroidManifest.xml file

Section 5: OWASP Mobile TOP 10

Lecture 26 What is OWASP?

Lecture 27 M1: Improper Platform Usage

Lecture 28 M2: Insecure Data Storage

Lecture 29 M3: Insecure Communication

Lecture 30 M4: Insecure Authentication & M5: Insufficient Cryptography

Lecture 31 OWASP M6, M7, M8, M9, M10

Lecture 32 OWASP Mobile Top 10 2023

Section 6: Static Analysis

Lecture 33 What is Static Analysis

Lecture 34 MobSF

Lecture 35 Cloudsek BeVigil

Lecture 36 Yaazhini

Lecture 37 SharedPreferences Analysis

Lecture 38 Analysing other data storage options

Lecture 39 Logcat

Lecture 40 Pidcat

Lecture 41 Hardcoded Credentials

Lecture 42 Drozer

Lecture 43 Exploiting Applications using Drozer

Lecture 44 Firebase Misconfigurations

Lecture 45 Pasteboard

Lecture 46 Hot Patching

Lecture 47 WebView Related Vulnerabilities

Section 7: Dynamic Analysis

Lecture 48 Setting up platform tools

Lecture 49 ADB

Lecture 50 Frida & Objection

Lecture 51 Frida-CodeShare

Lecture 52 Bypassing Root Detection using Frida

Lecture 53 Bypassing Root Detection using Medusa

Lecture 54 Bypassing Root Detection using Objection

Lecture 55 Bypassing Root Detection using Magisk

Lecture 56 Bypassing SSL Pinning using Frida

Lecture 57 Bypassing SSL Pinning using Objection

Lecture 58 Bypassing SSL Pinning by overwriting packaged CA Certificate with custom CA Cert

Lecture 59 Bypassing SSL Pinning using android-unpinner

Lecture 60 Fingerprint Detection Bypass

Section 8: Progressive Web Application Attacks

Lecture 61 Progressive Web Applications – Intrdouction

Lecture 62 Bypassing Root and SSL Pinning in PWAs

Section 9: Live Attacks

Lecture 63 Disclaimer

Lecture 64 Live Attack 1: Insecure Permissions

Lecture 65 Live Attack 2 : Application Signing & Janus Vulnerability

Lecture 66 Live Attack 3 : Hardcoded Credentials

Lecture 67 Live Attack 4 : Shared Preferences

Lecture 68 Live Attack 5 : Insufficient Cryptography

Lecture 69 Live Attack 6 : Non Parameterized SQL Query

Lecture 70 Live Attack 7 : Insecure Logging

Lecture 71 Live Attack 8 : Webview XSS

Lecture 72 Live Attack 9 : Pasteboard Monitor

Lecture 73 Live Attack 10 : Screenshot and Background Screen Caching

Lecture 74 Live Attack 11 : Root Detection Bypass + SSL Pinning Bypass

Lecture 75 Live Attack 12 : Fingerprint Bypass

Lecture 76 Live Attack 13 : No Rate Limit

Lecture 77 Live Attack 14 : Authentication Issues – Status and Response Code Manipulation

Lecture 78 Live Attack 15 : Business Logic Issue

Lecture 79 Live Attack 16 : Flutter APK Root & SSL Pinning Bypass

Section 10: Tips & Tricks

Lecture 80 Android Pentesting Checklist

Lecture 81 Android Pentesting Mindmap

Lecture 82 Android Pentesting Nuclei Templates

Lecture 83 Android Pentesting Reports Private

Lecture 84 Using objection & Frida without Rooting the device

Lecture 85 Android Frida Scripts

Lecture 86 Android Bug Bounty Journey

Section 11: Bonus Lecture: Conclusion & Links

Lecture 87 Conclusion

Lecture 88 Links – Bonus

Beginners who want to learn about Android Penetration Testing,Mobile Application Developers,Security Researchers,Cyber Security Enthusiast,Beginners who want to hunt vulnerabilities & security bugs in Android Applications,Bug Bounty Hunters

Password/解压密码www.tbtos.com

资源下载此资源仅限VIP下载,请先

转载请注明:0daytown » Android Pentesting 101

您必须 登录 才能发表评论!