Learn how to hack Android apps and obtain Android bug bounties

What you will learn

Setting up Android Studio and Emulators

Basics of adb

Decompiling and Recompiling apks

Drozer

Burp Suite

Code Modification Exploits

Finding code backdoors

Activity Exploits

Broadcast exploits

Content provider injection

Access control issues

Scoring Vulnerabilities with CVSS

Description

In this course, I will walk you through the process of penetration testing applications to find vulnerabilities and earn bug bounties. We will analyze a vulnerable Android app, and see how vulnerabilities can be found using tools such as:


  • Drozer
  • Dex2Jar
  • Jadx
  • ApkTool
  • Adb
  • Burp Suite

Learn about dynamic and static analysis to become an expert at finding Android exploits!

Language: English

Content

Lab Setup

Installing Python and Android Studio
Setting up Decompilation Tools
Setting up the Insecure Bank App

Information Gathering

Setting up Burp Suite for Android
Analyzing Server Interaction with Burp Suite
Pulling Apk Files from Android Devices
Decompiling APKs with Apktool and Dex2Jar
Installing Drozer and Scanning Attack Surfaces

APK modification exploits

Modifying Resource Files to Gain Escalated Privileges
Modifying Smali Code to Bypass Root Detection

Insecure Authentication Exploits

Login Backdoors
Exploiting Unprotected Activities

Insecure Storage Exploits

Exploiting Poorly Implemented Cryptography
Analyzing SQLite Storage
Analyzing Logcat for Information Disclosures

Broadcast and Content Provider Exploits

Exploiting Broadcast Receivers
Exploiting Content Providers

General Bug Bounty Tips

CVSS Scoring and Report Tips

Bonus Resources

Bonus Resources