Advanced Mobile Penetration Testing of Android Applications
Introduction
About the Author (0:30)
What to expect from this course (2:55)
OWASP Top Ten Mobile Vulnerabilities (13:22)
Android Development Tools
Android Studio (11:21)
Android Debug Bridge (6:23)
Environment Setup
Android emulator or Android Device? (6:57)
Android Rooting (5:43)
Setting up a proxy in Android (10:25)
Installing CA Certificate (5:41)
Android Vulnerable Application Setup (3:43)
Android Application Review. Reverse Engineering and App Analysis
APK file Structure. AndroidManifest XML file (7:01)
Reversing to get Source code of the Application - decompiling with dex2jar (10:53)
Reversing and Re-compiling With APKTool (10:55)
APK Teardown in a Nutshell using Dexplorer on your Android Device (2:56)
Static vs Dynamic Analysis (5:58)
Static Analysis of Android Application using QARK (13:05)
Dynamic Analysis of Android Application using Inspeckage and Xposed (15:36)
MobSF - Mobile-Security-Framework (10:48)
Automated Security Assessments with Drozer (8:45)
Intercept traffic using Wireshark (5:22)
Intent Sniffing (5:23)
Fuzzing using Burp - Password Brute-Force. Username enumeration (20:49)
Bypass Certificate Pinning
General Description
Automatic Bypass of SSL Pinning (8:51)
Manual Bypass of SSL Pinning (31:50)
Next Steps and Conclusions
Bonus - Take control over an Android phone using Metasploit (6:35)
Penetration Testing Cheat Sheet (18:59)
For Developers - Android Security Guidelines (1:21)
Further research - Automatic and Manual Scanning for Vulnerabilities (18:16)
Bonus - Download any APK from Google Play directly on your PC (1:08)
Final Words (0:15)
Intent Sniffing