A presentation at Android Penetration Testing Part 1 in December 2021 in India by Raja Nagori
Android Application Penetration Testing Raja Nagori
$ Whoami
• Raja Nagori
• Cyber Crime Intervention Officer by ISAC (NSD).
• Synack Red Team Member
• OWASP Open Source Contributor
• Bachelor’s Degree in Computer Science Engineering
• LinkedIn : https://www.linkedin.com/in/raja-nagori/
Course Content
• Mobile application penetration testing resources
• Testing Process
• Web Application Penetration Testing Process
• Android Penetration Testing Process
• Android Penetration Testing walkthrough with setup
Android Penetration Testing – Lab Setup
• Android Security Architecture
• Basics of Android Security
• Lab Environment setup
• Kali Linux
• JADX-GUI
• Apktool
• MobSF
Android Penetration Testing – Static Analysis of APK
• Any vulnerable APK available as open source
• Static Analysis
• Android Manifest
• Activities
• Content Providers
• Firebase
• Storage Buckets
• Automated analysis using MobSF framework
• Stored Secrets / API Keys
Android Penetration Testing – Dynamic Analysis of APK
• Introduction to SSL Pinning
• Bypassing SSL Pinning with Burp Suite
• Introduction to Frida/Objection
• Working with Frida
• Working with Objection
• Reverse engineering of APK
• Dumping Memory and Sensitive Data
• Runtime local storage analysis
See you in the next chapter of this series.