Android Security and Exploitation for Pentesters is a course intended for people who want to get started into Android Security, or even who are a bit familiar with the Android security space but want to learn more about Android Application Security. This is a hands-on course where you will get to reverse applications, find security vulnerabilities, perform debugging and API hooking, use tools like Androguard and Droser, and a lot more.
The course takes example of real world applications, as well as custom made vulnerable applications to give you an in-depth view of the security issues in Android applications. Once the course is completed, you should be able to take any android application, tear it apart and identify vulnerabilities in it. It will also serve as a really good starting point, if you want to dig deeper and research more into Android Security.
The course is equally useful for security researchers, pentesters as well as Mobile Application developers. The training course has been previously run at a number of international security conferences all over the world, and has been highly well received.
A non-exhaustive list of topics to be covered include:
- Introduction to Android
- Android Security Architecture
- Android Permissions
- Android Application Internals
- Setting up Genymotion
- Android Application Components
- DEX File Analysis
- Introduction to Android Debug Bridge
- Logging Based Vulnerabilities
- Reversing Android Applications
- Analyzing Android Malwares
- Analyzing Android Traffic
- Bypassing SSL Pinning
- Leaking Content Providers
- Introduction to Drozer
- Read based Content Provider vulnerability
- Advanced Drozer Usage
- Drozer Scripting
- Dropbox Content Provider Vulnerability
- Backup Based Vulnerability
- Client Side Injection
- Hooking Introduction and Setting up Insecure Bank
- Android Debugging with Andbug
- Debugging with JDB
- Automated Hooking with Introspy
- Cydia Substrate and Hooking
- Xposed Framework and Hooking
- Analysis and Scripting using AndroGuard
- Webview Based vulnerabilities
- Exploiting Webview with Metasploit