Android Application Pentesting - Mystikcon 2020
ฝัง
- เผยแพร่เมื่อ 22 ธ.ค. 2020
- I had the opportunity to present at Mystikcon in December 2020 on Android Application Pentesting. In this talk I cover all the basic components of Android app and then talked about Static and Dynamic Analysis (with demos). I hope you find this video useful and please feel free to comment if you have any questions related to Android App Pentesting.
My Twitter: / _r00t_
Disclaimer: This presentation is meant to help those interested in Ethical Hacking practices, to audit their own applications and develop security skills. Please do not use anything learned from this videos for malicious activity. Hacking is a crime and illegal and this presentation does not condone or approve hacking in any way. I take no responsibility for how you choose to use the information presented here.
Please let me know if you are interested in Android App Pentesting series in the comment section below. Please like the video and subscribe to my channel if you are interested in Android App Pentesting series. Please share this video with others if you found this talk useful. Thanks
Why your not uploading videos
I'm a junior pentester and I'm interested in the android app pentest.
Keep them coming brother!!!
Links provided to GitHub repos where they at?
Yes please make more details video related to andriod apps vulnerabilities and submitted these reports
04:00 APK 05:38 manifest 06:37 classes.dex 07:12 res 07:43 META-INF 09:19 demo, unzip 10:55 apk decompilation, jadx, static analysis, mobsf 14:05 apktool 17:22 MOBSF, docker container, drag n drop, false positive 21:20 hardcoded credentials 23:26 classes.dex, jd-gui, jar file 26:12 Activities 28:17 implicit intent 30:05 broadcast receivers 31:35 services 32:10 content provider 33:41 dynamic analysis 34:56 frida, drozer, RMS, objection 35:55 frida, ssl pinning, aws keys on the fly, genymotion 38:38 frida set up 40:00 dynamic analysis 43:10 all running processes, packages
Underrated comment
Such a great quality of content provided in this session. Thank you for uploading it, and hoping for upcoming videos on mobile penetraion testing with more deeper approaches and concepts.👍
Thanks a lot for this amazing talk! You’re great at breaking down key concepts in a beginner friendly way.
this is really the video I was looking for, thank you very much.
I saw that you were not very active anymore but thanks for teaching me all this.
Amazing video! I have been performing web/infra pentesting for a while and just started my journey with the mobile testing. This video sorted out the methodology I should start with in a great way. Thanks bro and keep creating such videos!
You're most welcome 🤗
This is excellent... im in the middle of a bug bounty that requires some android pentesting knowledge. The video really helped.
The video was of good quality..I'm testing an android app, at least now I know where to get started. Upload more videos for Static analysis. This one was helpful
Thank You so much!! I appreciate such an easy to understand and informative introduction to app pentesting.
yes we are highly interested to learn new things from you
best video for me, When can we expect the series for it + You are a great teacher 👍
i don't now how to say thank you man pls we need more videos in Statics Analysis
Sir it's really helpful plzz posts more video's ❤️ .i am from India
Very well done! Thank you for sharing :)
The best video in my week
Thanks alot 😘
Sir, do you have any lectures privilege escalation vulnerabilities or can you please
mention any relevant sources for those that can research into
Awesome and Thank you so much from Pakistan. Amazing quality content
very nice introductory video!
wow this was a great talk, thanks a lot!
Thanks a lot for the feedback. Glad you found the video useful ☺️
MOBSF Rules! Love that now there's a Docker image.
It's ok but it produces lots of False positives.
Is there videos based on android application's vulnerabitily analysis using common tools..
Wow, Thanks a lot.
thank you so much, this video has opened my way to android pentesting
Wow this comment made my day. I am so glad that you found this video useful. I'll upload more videos soon. Happy holidays everyone!!
@@WiseFoxSecurity Real useful, android pentesting was always mysterious to me, after this, then my plan for 2022 is to go for android pen testing, I have already subscribed to your channel and whoever asks me about android hacking I will recommend your channel, keep up great video. thank you for your free knowledge, waiting for more
Awesome road maps for implementation
I had adb on my android device, and it went completely over my head to use it on the linux. I was trying to tunnel my tcp traffic, which is a not nearly as fluid as that. 😅 I feel so silly - thank you for the reminder & useful information 🙌✨
Haha yes the ADB way is easier. I have tried TCP tunneling in the past but never got used to it for some reasons haha
@@WiseFoxSecurity ADB doesn’t require you to make so many configurations and changes to your network to get the outcome of which you’re looking compared to TCP tunneling. I’m sure there’s benefits to it that I’m too ignorant to understand, at this point, that I’m missing out on, but ADB is a brilliant option.
Not sure if you’ve used it, and would be curious on your opinion of NordVPN Meshnet?
Thank you so much for this tutorial, kudos to you.
Keep sharing content like this.
Stay safe👍
Thanks a lot for the feedback. Yes that's the plan ☺️
@@Reacher6207 please provide more content on the same, that's really helpful for me atleast
in some apps ssl bypassed failed to get request so what we can do more ?
what check should we implement to prevent the password hack ?
Where are the APK you mentioned to download for practice?
Thanks for this tutorial
Thankyou sir
Super video sir
nice!!
54:58 Approach
Install app in emulator such as
Static analysis, hardcoded key/secrets using tools such as mobsf
Dynamic analysis,
Use Frida
Please go ahead
how to use bria from burpsuite
thanks!
Can you please tell me how can i download any application apk if want to perform the pentesting on that apk.
Nice job
Sir please make full video in PIVAA practical..
can you pls tell me where I can find all links of your "some useful links" slide?
54:00 he did mention it on the video
plz make a video on mob sf installation on kali Linux and windows
Possible to change the code and recompile the apk? I want to bypass an sms verification
👌
does this work on app built with reactNative?
or only java?
what is the IOS simulator for windows? like genymotion
not possible... only for mac
Plz make more videos for android app model
hi thanks for your best tutorial just teach more on real application like application that have dexguard and we can't read they code
can you share all links in the useful link section?
54:00 he did mention it on the video
Make so many videos for this 👩💻
Buenas, alguien me puede recomendar por favor un buen curso o certificación de mobile hacking para aplicaciones ios y android?, gracias!!!
Best books for android penetration without android hackers handbook and mobile application hacker's handbook both are outdated
Somone hack cambly for me? ❤️❤️