Android Application Penetration Testing - Part 1

A presentation at Android Penetration Testing Part 1 in December 2021 in India by Raja Nagori

Slide 1

Android Application Penetration Testing Raja Nagori

Slide 2

$ Whoami
• Raja Nagori
• Cyber Crime Intervention Officer by ISAC (NSD)
• Synack Red Team Member
• OWASP Open Source Contributor
• Bachelor's Degree in Computer Science Engineering
• LinkedIn: https://www.linkedin.com/in/raja-nagori/

Slide 3

Course Content
• Mobile application penetration testing resources
• Testing Process
• Web Application Penetration Testing Process
• Android Penetration Testing Process
• Android Penetration Testing walkthrough with setup

Slide 4

Android Penetration Testing – Lab Setup
• Android Security Architecture
• Basics of Android Security
• Lab Environment setup
• Kali Linux
• JADX-GUI
• Apktool
• MobSF

Slide 5

Android Penetration Testing – Static Analysis of apk
• Any open-source vulnerable apk
• Static Analysis
• Android Manifest
• Activities
• Content Providers
• Firebase
• Storage Buckets
• Automated analysis using the MobSF framework
• Stored Secrets / API Keys

Slide 6

Android Penetration Testing – Dynamic Analysis of apk
• Introduction to SSL Pinning
• Bypassing SSL Pinning with BurpSuite
• Introduction to Frida/Objection
• Working with Frida
• Working with Objection
• Reverse engineering of apk
• Dumping Memory and Sensitive Data
• Run-time local storage analysis

Slide 7

See you in the next chapter of this series