Description
In this course, you will learn:
- Setting up Android Studio and Emulators
- Basics of adb
- Decompiling and Recompiling APKs
- Drozer
- Burp Suite
- Code Modification Exploits
- Finding code backdoors
- Activity Exploits
- Broadcast exploits
- Content provider injection
- Access control issues
- Scoring Vulnerabilities with CVSS
Syllabus:
1. Lab Setup
- Installing Python and Android Studio
- Setting up Decompilation Tools
- Setting up the Insecure Bank App
- Creating a Rooted Emulator
2. Information Gathering
- Setting up Burp Suite for Android
- Analyzing Server Interaction with Burp Suite
- Pulling APK Files from Android Devices
- Decompiling APKs with Apktool and Dex2Jar
- Installing Drozer and Scanning Attack Surfaces
3. APK modification exploits
- Modifying Resource Files to Gain Escalated Privileges
- Modifying Smali Code to Bypass Root Detection
4. Insecure Authentication Exploits
- Login Backdoors
- Exploiting Unprotected Activities
5. Insecure Storage Exploits
- Exploiting Poorly Implemented Cryptography
- Analyzing SQLite Storage
- Analyzing Logcat for Information Disclosures
6. Broadcast and Content Provider Exploits
- Exploiting Broadcast Receivers
- Exploiting Content Providers
7. General Bug Bounty Tips
- CVSS Scoring and Report Tips