Mobile Penetration Testing of Android Applications
4.0 (561 ratings)
4,691 students enrolled


Computer security is no longer just about PCs. It is your TV, fridge and mobile phone. Learn to audit mobile apps!
Created by Gabriel Avramescu
Last updated 2/2020
English
English [Auto]
This course includes
  • 6 hours on-demand video
  • 4 articles
  • 41 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Learn to audit or perform penetration tests against Android applications
  • Learn tools and techniques
  • Perform real world attacks on Android Devices and Apps
  • Perform Certificate Pinning bypass for most Android Apps
  • Explore OWASP Top Ten Mobile and Web most common vulnerabilities
  • Android Malware Analysis
Requirements
  • basic computer skills and Linux OS
  • web technologies knowledge
  • knowledge of most common web vulnerabilities
Description

Do you already know some computer and network ethical hacking? What about moving forward and applying it to mobile apps as well? This course is for beginners and may be useful for some advanced users as well.

Android Hacking and Penetration Testing course is a hands-on video course. The course will focus on the tools and techniques for testing the security of Android mobile applications. Android is the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages. In this video you will learn how to hack Android applications.

In this course you will apply web hacking techniques you already know in the Android environment. Furthermore, we are going to explore the most common vulnerabilities in the OWASP Top Ten for Mobile and Web. This is an intermediate level course.

Who this course is for:
  • penetration testers, security professionals and amateurs
  • web and mobile application developers
  • security enthusiasts
Course content
46 lectures 06:01:28
+ Introduction
3 lectures 04:19

A few words about myself and my experience as a penetration tester.

Preview 00:30

The course is for you if you want to become an ethical hacker, or, as a developer, if you want to understand how to test and secure your application.

The course will focus on the tools and techniques for testing the security of Android mobile applications.

Preview 02:55
Join Our Online Classroom!
00:54
+ Android Development Tools
3 lectures 19:11

In this video you will learn about Android Studio, the main framework used to develop Android Applications.

Android Studio
11:21
AVD Manager is missing? ADB Connection and Monitor in Android Studio 3.5/newer
01:27

In this video I will talk about Android Debug Bridge, or ADB.

Android Debug Bridge (ADB)
06:23
+ Environment Setup
6 lectures 32:33

Emulator or real device? What to choose? Advantages vs disadvantages are explained in this video.

Android emulator or Android Device?
06:57

Why is Android rooting important?

Android rooting
05:43

In this video I will show you how to set up a proxy in various emulators. Furthermore, you will learn basic information about Burp Suite.

Setting up a Proxy for Android
10:25

In this video I will show you how to add a CA certificate to an Android emulator.

Installing CA Certificate
05:41

In this video we will set up our environment using a vulnerable Android application.

Android Vulnerable Application Setup
03:43
Virtual Machine Download
00:04
+ Android Application Review. Reverse Engineering and App Analysis
12 lectures 01:48:40

In this video I will speak about the content and structure of APK files and of the AndroidManifest XML file.

APK file Structure. AndroidManifest XML file
07:01

In this and the next videos we will speak about reverse engineering Android applications.

Reversing to get Source code of the Application - decompiling with dex2jar
10:53

In this video we will decompile and recompile an APK file using apktool.


Preview 10:55

In this video we will learn how we can access the APK source files directly on our Android device or emulator using Dexplorer.

APK Teardown in a Nutshell using Dexplorer on your Android Device
02:56

In this video we will discuss static and dynamic analysis of Android Applications.

Static vs Dynamic Analysis
05:58

In this video you will learn how to perform a static analysis using QARK.

Static Analysis of Android Application using QARK
13:05

In this video you will learn how to perform a dynamic analysis using Inspeckage.

Dynamic Analysis of Android Application using Inspeckage and Xposed
15:36

Perform both static and dynamic analysis using MobSF.

MobSF - Mobile-Security-Framework. Malware analysis
10:48

Perform vulnerability scanning and exploitation using Drozer.

Automated Security Assessments with Drozer
08:45

In this video I will show you how to intercept traffic generated by your emulator using Wireshark.

Intercept traffic using Wireshark and tcpdump
05:22

In this video we will perform an Intent Sniffing attack against the Insecure Bank application.

Intent Sniffing
05:23

In this video I will show you how to discover, mitigate and exploit username enumeration and username and password brute force using Burp.

Fuzzing using Burp - Password Brute-Force. Username enumeration
11:58
+ Bypass Certificate Pinning
3 lectures 44:51

In this video I will explain some basic concepts of SSL certificate pinning.

General Description
04:10

In this video I will show you how to perform an automatic SSL pinning bypass.

Automatic bypass of certificate pinning
08:51

In this video I will perform a manual bypass of SSL certificate pinning by reverse engineering an application, changing its code and recompiling it.

Manual bypass of certificate pinning
31:50
+ Next Steps and Conclusions
7 lectures 59:55

In this video you will learn how to generate an .apk backdoor for an Android device and use it to remotely control and exfiltrate data such as SMS, geolocation, calls, contacts and so on.

Bonus - Take control over an Android phone using metasploit
06:35

In this video I will guide you through a penetration testing cheat sheet.

We will cover the OWASP Top Ten mobile vulnerabilities, but in this case we will talk about ways to test for each specific vulnerability.

Also, we will discuss other category-based threats, such as application, web, network and physical based threats.

In the end I will present a list of additional tools that you can further explore and use, depending on your project.

Penetration Testing Cheat Sheet
18:59

In this video we will go through OWASP’s Top Ten most common mobile vulnerabilities.

In the links provided you will also find useful resources about each of the vulnerabilities: further explanations and examples, and tutorials on how to check for and exploit this kind of vulnerability.

OWASP Top 10 Mobile Vulnerabilities and Attacks
13:22

In this video I will present a list of specific tools that you can further use to search for vulnerabilities in mobile apps. Furthermore, we will go through OWASP's top ten web vulnerabilities, which may also apply to mobile applications. It's a starting point for further research.

Further research - Automatic and Manual Scanning for Vulnerabilities
18:15

If you are a developer, a security guideline may turn out to be really useful for you. Therefore, I found an interesting document to remind you to cover some security aspects in your future application.

For Developers - Android Security Guidelines
01:21

Sometimes you have to test an app, but you don’t have access to the APK directly, only a name or a link to Google Play. What can you do?

Bonus - Easily download any APK file from Google Play directly on your PC
01:08
Final Words
00:15
+ (Bonus) Web Penetration Testing
7 lectures 53:52
Further information
00:16
Core Problems - Why Web Security
07:33
Spider and Analyze a Website using Burp
05:26
Brute-forcing Web Resources using Dirb and Dirbuster
10:38
SQL injection
09:09
Exploiting SQLi using Sqlmap and Getting Remote Shell
10:07
Upload and Remote File Execution
10:43
+ (Bonus) Learn Burp for advanced mobile and web pentesting
5 lectures 38:04
Alternative setup - Download Burp. Free vs Paid
01:25
Proxy - General Concept
04:24
Target Module
10:21
Proxy Module - part 1
11:48
Proxy Module - part 2
10:06