
Mobile Penetration Testing of Android Applications

Hacking


Description

Computer security is no longer just about PCs. It is your TV, fridge and mobile phone. Learn to audit mobile apps!

Do you already know some computer and network ethical hacking? What about moving forward and applying it to mobile apps as well? This course is for beginners and advanced users alike.

Android Hacking and Penetration Testing is a hands-on video course. The course focuses on the tools and techniques for testing the security of Android mobile applications. Android is the Google operating system that’s on 80% of the world’s smartphones. In extreme cases, hackers with malicious intent can do much more than send premium text messages. In this video, you will learn how to hack Android applications.

In this course you will apply web hacking techniques you already know to the Android environment. Furthermore, we are going to explore the most common vulnerabilities from the OWASP Top Ten for Mobile and Web. This is an intermediate-level course.

Content
  • Introduction
  • About the Author
  • What to expect from this course sample
  • OWASP Top Ten Mobile Vulnerabilities
  • Android Development Tools
  • Android Studio
  • Android Debug Bridge
  • Environment Setup
  • Android emulator or Android Device?
  • Android Rooting
  • Setting up a proxy in Android
  • Installing CA Certificate
  • Android Vulnerable Application Setup
  • Android Application Review. Reverse Engineering and App Analysis
  • APK file Structure. AndroidManifest XML file
  • Reversing to get Source code of the Application - decompiling with dex2jar
  • Reversing and Re-compiling With APKTool
  • APK Teardown in a Nutshell using Dexplorer on your Android Device
  • Static vs Dynamic Analysis
  • Static Analysis of Android Application using QARK
  • Dynamic Analysis of Android Application using Inspeckage and Xposed
  • MobSF - Mobile-Security-Framework
  • Automated Security Assessments with Drozer
  • Sniffing intent
  • Fuzzing using Burp - Password Brute-Force. Username enumeration
  • Bypass Certificate Pinning
  • General Description
  • Automatic Bypass of SSL Pinning
  • Manual Bypass of SSL Pinning - Part 1
  • Manual Bypass of SSL Pinning - Part 2
  • Next Steps and Conclusions
  • Bonus - Take control over an Android phone using Metasploit
  • Penetration Testing Cheat Sheet
  • For Developers - Android Security Guidelines
  • Further research - Automatic and Manual Scanning for Vulnerabilities
  • Bonus - Download any APK from Google Play directly on your PC
  • Final Words
Completion rules
  • All units must be completed