Mobile Penetration Testing of Android Applications

Name: Mobile Penetration Testing of Android Applications
Rating: 4.5 (2842 reviews)

Computer security is no more about PCs. Is your TV, fridge and mobile phone. Learn to audit mobile apps!

Created byGabriel Avramescu

Last updated 4/2024

English

What you'll learn

Learn to audit or perform penetration tests agains Android applications
Learn tools and techniques
Perform real world attacks on Android Devices and Apps
Perform Certification Pinning bypass for most of Android Apps
Explore OWASP Top Ten Mobile and Web most common vulnerabilities
Android Malware Analysis

Course content

8 sections • 46 lectures • 6h 1m total length

About the Author0:30
A few words about myself and my experience as a penetration tester.
What to expect from this course2:55
The course is for you, if you want to become an ethical hacker or for you, as a developer, if you want to understand how to test and secure your application.

The course will focus on the tools and techniques for testing the Security of Android Mobile applications.
Join Our Online Classroom!0:54

Android emulator or Android Device?6:57
Emulator or real device? What to choose? Advantages vs disadvantages are explained in this video.
Android rooting5:43
Why Android rooting is important?
Setting up a Proxy for Android10:25
In this video you will show you how to setup a proxy in various emulators. Furthermore, you will learn basic information about Burp Suite.
Installing CA Certificate5:41
In this video I will show you how to add a CA certificate to Android emulator.
Virtual Machine Download0:07
Android Vulnerable Application Setup3:43
In this video we will setup our environment using a vulnerable android application.

APK file Structure. AndroidManifest XML file7:01
In this video I will speak about the content and structure of apk files and of the android manifest xml file.
Reversing to get Source code of the Application - decompiling with dex2jar10:53
in this and next videos we will speak about reverse engineering android applicatios
Reversing and Re-compiling With APKTool10:55
In this video we will decompile and recompile an apk file using apktool
APK Teardown in a Nutshell using Dexplorer on your Android Device2:56
In this video we will learn how we can access the apk source files directly on our Android device or emulator using Dexplorer
Static vs Dynamic Analysis5:58
In this video we will discuss static and dynamic analysis of Android Applications.
Static Analysis of Android Application using QARK13:05
In this vide you will learn how to perform a static analysis using QARK
Dynamic Analysis of Android Application using Inspeckage and Xposed15:36
In this video you will learn how to perform a dynamic analysis using Inspekage.
MobSF - Mobile-Security-Framework. Malware analysis10:48
Perform both static and dynamic analyse using MobSF
Automated Security Assessments with Drozer8:45
Perform a vulnerability scanning and exploitation using Drozer.
Intercept traffic using Wireshark and tcpdump5:22
In this video I will show you how to intercept traffic generated by your emulator using Wireshark.
Intent Sniffing5:23
In this video we will perform Intent Sniffing attack for the Insecure Bank application
Fuzzing using Burp - Password Brute-Force. Username enumeration11:58
In this video I will show you how to discover, mitigate and exploit username enumeration and username&password brute force using Burp.

General Description4:10
In this video I will explain some basic concepts of ssl certificate pinning
Automatic bypass of certificate pinning8:51
In this video I will show you how to perform an automatic ssl pinning.
Manual bypass of certificate pinning31:50
In this video I will perform a manual bypass of ssl certificate pinning by reverse engineering an application, changing its code and recompiling it.

Bonus - Take control over an Android phone using metasploit6:35
In this video you will learn how to generate an .apk door backdoor for an android device and use it to remotely control and exfiltrate data such as SMS, geolocation, calls, contacts and so on.
Penetration Testing Cheat Sheet18:59
In this video I will guide you trough a penetration testing cheat sheet

We will cover owasp top ten mobile vulnerability, but in this case we will talk about way to test for that specific vulnerability.

Also, we will discuss other category-based threats, such as application, web, network and physical based threats.

In the end I will present a list of additional tools that you can further explore and use, depending on your project.
OWASP Top 10 Mobile Vulnerabilities and Attacks13:22
In this video we will go trough OWASP’s Top ten The Most Common Mobile Vulnerabilities.
You will also find useful resources on the links provided, about each of the vulnerabilities, further explanations and examples, tutorials of how to check and exploit this kind of vulnerability.
Further research - Automatic and Manual Scanning for Vulnerabilities18:15
In this video I will present you a list of specific tools that you can further use to search vulnerabilities in the mobile apps. Furthermore, we will go trough the OWASP's top ten web vulnerabilities, that may also apply to the mobile applications. It's a start point for further research.
For Developers - Android Security Guidlines1:21
If you are a developer, a secure guideline may turn up rally useful for you.Therefore, I found an interesting document to remind you to cover some security aspects in your future application.
Bonus - Easily download any APK file from Google Play directly on your PC1:08
Sometimes you have to test an app, but you don’t have acces to the apk directly, only a name or a link to google play. what can you do?
Final Words0:15

Requirements

basic computer skills and Linux OS
web technologies knowledge
knowledge of most common web vulnerabilities

Description

You already know some computer and network ethical hacking? What about moving forward and applying it to mobile apps as well? This course is for the beginners and may be useful for some advanced users as well.

Android Hacking and Penetration Testing course is a hands-on video course. The course will focus on the tools and techniques for testing the Security of Android Mobile applications. Android, the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages. In this video you will learn how to hack Android applications.

In this course you will apply web hacking techniques you already know on Android environment. Furthermore, we are going to explore OWASP Top Ten Mobile and Web most common vulnerabilities. This is an intermediate level course.

Who this course is for:

penetration testers, security professionals and amateurs
web and mobile application developers
security enthusiasts

Mobile Penetration Testing of Android Applications

What you'll learn

Explore related topics

Course content

Introduction - the basics3 lectures • 4min

Android Development Tools3 lectures • 19min

Environment Setup6 lectures • 33min

Android Application Review. Reverse Engineering and App Analysis12 lectures • 1hr 49min

Bypass Certificate Pinning3 lectures • 45min

Next Steps and Conclusions7 lectures • 1hr

(Bonus) Web Penetration Testing7 lectures • 54min

(Bonus) Learn Burp for advanced mobile and web pentesting5 lectures • 38min

Requirements

Description

Who this course is for: