Published 2/2025
MP4 | Video: h264, 1280×720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.26 GB | Duration: 2h 27m
Learn some Android hacking techniques used in CVE exploits and hacking competitions
What you’ll learn
Become more comfortable with decompiling Android applications
Be able to spot potential security issues when looking at Android source code
Learn about more obscure behaviors of the Android operating system
Create custom applications to exploit Android vulnerabilities
Replicate some of the Android security issues previously exploited at hacking competitions
Mimic the techniques used to find CVEs related to Android application security
Requirements
Either a rooted physical Android device running at least Android 12, or the ability to run an Android emulator within Android Studio
How to setup a hooking environment, preferably with Frida
Have beginner level experience hooking into Android applications
Understanding of what the External Storage is and how it works
What the different types of IPCs are in Android (Activity / Content Provider / Service / etc)
Description
Are you an Android penetration tester looking to expand your skill set beyond the usual vulnerabilities and dive deep into the more advanced areas of Android security? This hands-on course is precisely for you.It’s not just about examining exported activities and keystore access. This course delves into the intricacies of how Android applications communicate with each other. You’ll see firsthand how a malicious application can exploit misconfigurations in Intents, Content Providers, and other components to compromise or abuse target apps.Using our Axolotl test application, created specifically for this course, you’ll practice building your own “attacker” application designed to exploit each discovered vulnerability. Real-life examples will help you connect the dots between theoretical knowledge and practical attacks frequently encountered in the wild. By the end, you’ll not only have honed your existing penetration testing expertise, but also gained the highly specialized insight needed to tackle loopholes in Android apps.What this course covers:Intent Mechanics: Explore `getIntent()`, Browsable Intents, NFC tag exploits, and MIME-type hijacking.Unexported Content Providers: Abuse `grantUriPermissions` in ways typical testing overlooks.WebView Vulnerabilities: Understand JavaScript Bridge threats, file access tricks, and Cross-Origin policy flaws.Custom Permissions: Delve into custom permission structures for exploitation scenarios.Loading Custom DEX Files: Dynamically inject malicious code into target apps to bypass security measures.If you already understand the foundations of Android penetration testing and want to push the limits by exploring additional vulnerabilities and attack surfaces, this course is your gateway to the cutting edge of Android security.
People that have done *some* Android application penetration testing, such as for pentesting client engagements, but want to learn about exploiting more obscure Android behaviors.,People that understand what an “exported Activity” is, but don’t really understand how it can be used in a malicious way.,People that have done some Frida scripting to finish some of the public Android training apps (like DIVA)
Password/解压密码www.tbtos.com转载请注明:0daytown » Pentesting Exploits Noted In Smartphones (Android Edition)