Advanced Mobile Penetration Testing Of Android Applications

Computer security is no longer just about PCs. It is your TV, fridge and mobile phone. Learn to audit mobile apps!

Last updated 2022-01-10 | 4.3

What you'll learn

- Learn to audit or perform penetration tests against Android applications
- Learn tools and techniques
- Perform real world attacks on Android Devices and Apps
- Perform certificate pinning bypass for most Android apps
- Explore the most common OWASP Top Ten Mobile and Web vulnerabilities
- Android Malware Analysis

Requirements

* basic computer skills and Linux OS
* web technologies knowledge
* knowledge of most common web vulnerabilities

Description

Do you already know some computer and network ethical hacking? What about moving forward and applying it to mobile apps as well? This course is for beginners and may be useful for some advanced users as well.

Android Hacking and Penetration Testing course is a hands-on video course. The course will focus on the tools and techniques for testing the security of Android mobile applications. Android is the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages. In this video you will learn how to hack Android applications.

In this course you will apply web hacking techniques you already know in the Android environment. Furthermore, we are going to explore the most common vulnerabilities from the OWASP Top Ten for Mobile and Web. This is an intermediate-level course.

Who this course is for:

  • penetration testers, security professionals and amateurs
  • web and mobile application developers
  • security enthusiasts

Course content

8 sections • 46 lectures

About the Author (00:30)

A few words about myself and my experience as a penetration tester.

What to expect from this course (02:55)

This course is for you if you want to become an ethical hacker, or if you are a developer who wants to understand how to test and secure your application.

The course will focus on the tools and techniques for testing the security of Android mobile applications.

Join Our Online Classroom! (00:54)

Android Studio (11:21)

In this video you will learn about Android Studio, the main framework used to develop Android applications.

AVD Manager is missing? ADB Connection and Monitor in Android Studio 3.5/newer (01:27)

Android Debug Bridge (ADB) (06:23)

In this video I will talk about Android Debug Bridge, or ADB.

Android emulator or Android Device? (06:57)

Emulator or real device? What to choose? Advantages vs disadvantages are explained in this video.

Android rooting (05:43)

Why is Android rooting important?

Setting up a Proxy for Android (10:25)

In this video I will show you how to set up a proxy in various emulators. Furthermore, you will learn basic information about Burp Suite.

Installing CA Certificate (05:41)

In this video I will show you how to add a CA certificate to an Android emulator.

Android Vulnerable Application Setup (03:43)

In this video we will set up our environment using a vulnerable Android application.

Virtual Machine Download (00:05)

APK file Structure. AndroidManifest XML file (07:01)

In this video I will speak about the content and structure of APK files and of the Android manifest XML file.

Reversing to get Source code of the Application - decompiling with dex2jar (10:53)

In this and the next videos we will speak about reverse engineering Android applications.

Reversing and Re-compiling With APKTool (10:55)

In this video we will decompile and recompile an APK file using apktool.

APK Teardown in a Nutshell using Dexplorer on your Android Device (02:56)

In this video we will learn how we can access the APK source files directly on our Android device or emulator using Dexplorer.

Static vs Dynamic Analysis (05:58)

In this video we will discuss static and dynamic analysis of Android Applications.

Static Analysis of Android Application using QARK (13:05)

In this video you will learn how to perform a static analysis using QARK.

Dynamic Analysis of Android Application using Inspeckage and Xposed (15:36)

In this video you will learn how to perform a dynamic analysis using Inspeckage.

MobSF - Mobile-Security-Framework. Malware analysis (10:48)

Perform both static and dynamic analysis using MobSF.

Automated Security Assessments with Drozer (08:45)

Perform vulnerability scanning and exploitation using Drozer.

Intercept traffic using Wireshark and tcpdump (05:22)

In this video I will show you how to intercept traffic generated by your emulator using Wireshark.

Intent Sniffing (05:23)

In this video we will perform an Intent Sniffing attack against the Insecure Bank application.

Fuzzing using Burp - Password Brute-Force. Username enumeration (11:58)

In this video I will show you how to discover, mitigate and exploit username enumeration and username and password brute force using Burp.

General Description (04:10)

In this video I will explain some basic concepts of SSL certificate pinning.

Automatic bypass of certificate pinning (08:51)

In this video I will show you how to perform an automatic SSL pinning bypass.

Manual bypass of certificate pinning (31:50)

In this video I will perform a manual bypass of SSL certificate pinning by reverse engineering an application, changing its code and recompiling it.

Bonus - Take control over an Android phone using Metasploit (06:35)

In this video you will learn how to generate an .apk backdoor for an Android device and use it to remotely control and exfiltrate data such as SMS, geolocation, calls, contacts and so on.

Penetration Testing Cheat Sheet (18:59)

In this video I will guide you through a penetration testing cheat sheet.

We will cover the OWASP Top Ten mobile vulnerabilities, but in this case we will talk about ways to test for each specific vulnerability.

Also, we will discuss other category-based threats, such as application, web, network and physical based threats.

In the end I will present a list of additional tools that you can further explore and use, depending on your project.

OWASP Top 10 Mobile Vulnerabilities and Attacks (13:22)

In this video we will go through OWASP’s Top Ten most common mobile vulnerabilities.

In the links provided you will also find useful resources about each of the vulnerabilities: further explanations and examples, and tutorials on how to check for and exploit this kind of vulnerability.

Further research - Automatic and Manual Scanning for Vulnerabilities (18:15)

In this video I will present a list of specific tools that you can use to search for vulnerabilities in mobile apps. Furthermore, we will go through the OWASP Top Ten web vulnerabilities, which may also apply to mobile applications. It's a starting point for further research.

For Developers - Android Security Guidelines (01:21)

If you are a developer, a security guideline may turn out to be really useful for you. Therefore, I found an interesting document to remind you to cover some security aspects in your future application.

Bonus - Easily download any APK file from Google Play directly on your PC (01:08)

Sometimes you have to test an app, but you don’t have access to the APK directly, only a name or a link to Google Play. What can you do?

Final Words (00:15)

Further information (00:16)

Core Problems - Why Web Security (07:33)

Spider and Analyze a Website using Burp (05:26)

Brute-forcing Web Resources using Dirb and Dirbuster (10:38)

SQL injection (09:09)

Exploiting SQLi using Sqlmap and Getting Remote Shell (10:07)

Upload and Remote File Execution (10:43)

Alternative setup - Download Burp. Free vs Paid (01:25)

Proxy - General Concept (04:24)

Target Module (10:21)

Proxy Module - part 1 (11:48)

Proxy Module - part 2 (10:06)