
Install the Android emulator on Windows with Maemo, compare options like Genymotion and Knox Player, then root and configure network, device model, and display for Android penetration testing.
Learn to use APK tool for reverse engineering in Android penetration testing, decompile and rebuild apps, and perform static analysis on manifest and resource files across Windows and Kali Linux.
Install and configure Frida, a dynamic instrumentation toolkit, for client and server setups on Linux, Windows, and Android emulators to bypass root detection and SSL pinning.
Understand root detection on Android and the difference between normal and root users. Learn how rooting enables bypassing SSL pinning and other checks with Frida for security testing.
Explores bypassing Android root detection using Frida on an emulator, showcasing runtime techniques and JavaScript scripts to open apps despite root checks.
Install the objection tool and bypass root detection using Frida, ADB, and the app package name. Run Android root disable to access the app when root checks fail.
Learn to bypass route detection manually by tampering with code, decompiling the apk, removing the exit on click in the main activity, recompiling and signing, then reinstalling for device testing.
Demonstrate insecure logging by showing credentials stored in plaintext in android logs, and guide detection using adb logcat, frida to identify the package, and encrypt credentials and logs.
Explain how to locate and view sensitive data stored in local storage via adb, exploring shared preferences and sqlite databases, showing plain text credentials such as admin / password 123.
Learn how to identify and exploit vulnerable Android activities by inspecting the manifest, checking exported settings, and using adb to trigger direct activity calls that bypass authentication.
Learn to bypass ssl pinning on android using objection and frida, configure burp suite proxy, and intercept login requests.
Learn static code analysis by decompiling an Android app with apk tool and analyzing the Android manifest for permissions, api keys, urls, and task hijacking vulnerabilities.
Analyze the Android manifest file to inspect debug and backup attributes and clear text traffic, highlighting vulnerabilities attackers could exploit.
Explore how to locate sensitive information in the Jade tool by searching for keys, including API keys, usernames, and passwords to reveal vulnerabilities.
Learn to analyze the strings.xml file by decompiling the app, inspecting res/values/strings.xml, and detecting sensitive data like private keys, API keys, usernames, passwords, and URLs.
Learn to use the open source apk leaks automation tool to decompile android apps, reveal sensitive data like keys and passwords, and export findings to json for analysis.
Master nuclei as a scanner to scan Android apps, websites, and networks for vulnerabilities using mobile templates; install via go 1.20, run targeted scans, and review DNS service detection results.
Use MobSF, a mobile security framework, to scan Android, iOS, and Windows apps with static and dynamic analysis, generate pdf reports, and identify vulnerabilities like debug certificates and Janus.
Review the android application security series highlights, including lab setup with Knox, Frida, APK tool, and Objection, and bypass SSL pinning and route detection, with static and dynamic pentesting.
In this comprehensive course, you'll learn the essential skills and techniques for conducting effective penetration testing of Android applications. Through hands-on exercises and real-world examples, you'll gain a deep understanding of the unique challenges and vulnerabilities that Android applications present, and you'll learn how to identify and exploit those vulnerabilities to improve the security of mobile applications.
Throughout the course, you'll cover key topics such as reconnaissance and information gathering, vulnerability analysis, exploitation techniques. You'll also learn how to use industry-standard tools for the android penetration testing such as objection, JADX, MobSF and Frida etc.. .
The course places a strong emphasis on hands-on learning and practical application of skills, with a focus on the various tools.
Throughout the course, students will engage in a variety of hands-on exercises and challenges, with a focus on applying their knowledge to real-world scenarios.
By the end of the course, you'll be able to confidently conduct penetration testing of Android applications and provide valuable insights to improve the security of mobile applications. Whether you're a security professional looking to specialize in mobile security or a developer seeking to improve the security of your applications, this course will provide you with the knowledge and skills you need to succeed in the field of Android penetration testing.