Android Application Pentesting - Mystikcon 2020
HTML-код
- Опубликовано: 22 дек 2020
- I had the opportunity to present at Mystikcon in December 2020 on Android Application Pentesting. In this talk I cover all the basic components of Android app and then talked about Static and Dynamic Analysis (with demos). I hope you find this video useful and please feel free to comment if you have any questions related to Android App Pentesting.
My Twitter: / _r00t_
Disclaimer: This presentation is meant to help those interested in Ethical Hacking practices, to audit their own applications and develop security skills. Please do not use anything learned from this videos for malicious activity. Hacking is a crime and illegal and this presentation does not condone or approve hacking in any way. I take no responsibility for how you choose to use the information presented here.
Please let me know if you are interested in Android App Pentesting series in the comment section below. Please like the video and subscribe to my channel if you are interested in Android App Pentesting series. Please share this video with others if you found this talk useful. Thanks
Why your not uploading videos
I'm a junior pentester and I'm interested in the android app pentest.
Keep them coming brother!!!
Links provided to GitHub repos where they at?
Yes please make more details video related to andriod apps vulnerabilities and submitted these reports
04:00 APK 05:38 manifest 06:37 classes.dex 07:12 res 07:43 META-INF 09:19 demo, unzip 10:55 apk decompilation, jadx, static analysis, mobsf 14:05 apktool 17:22 MOBSF, docker container, drag n drop, false positive 21:20 hardcoded credentials 23:26 classes.dex, jd-gui, jar file 26:12 Activities 28:17 implicit intent 30:05 broadcast receivers 31:35 services 32:10 content provider 33:41 dynamic analysis 34:56 frida, drozer, RMS, objection 35:55 frida, ssl pinning, aws keys on the fly, genymotion 38:38 frida set up 40:00 dynamic analysis 43:10 all running processes, packages
Underrated comment
Thanks a lot for this amazing talk! You’re great at breaking down key concepts in a beginner friendly way.
Such a great quality of content provided in this session. Thank you for uploading it, and hoping for upcoming videos on mobile penetraion testing with more deeper approaches and concepts.👍
Amazing video! I have been performing web/infra pentesting for a while and just started my journey with the mobile testing. This video sorted out the methodology I should start with in a great way. Thanks bro and keep creating such videos!
You're most welcome 🤗
This is excellent... im in the middle of a bug bounty that requires some android pentesting knowledge. The video really helped.
this is really the video I was looking for, thank you very much.
I saw that you were not very active anymore but thanks for teaching me all this.
Thank You so much!! I appreciate such an easy to understand and informative introduction to app pentesting.
The video was of good quality..I'm testing an android app, at least now I know where to get started. Upload more videos for Static analysis. This one was helpful
Sir it's really helpful plzz posts more video's ❤️ .i am from India
yes we are highly interested to learn new things from you
best video for me, When can we expect the series for it + You are a great teacher 👍
Very well done! Thank you for sharing :)
i don't now how to say thank you man pls we need more videos in Statics Analysis
MOBSF Rules! Love that now there's a Docker image.
It's ok but it produces lots of False positives.
The best video in my week
Thanks alot 😘
Awesome and Thank you so much from Pakistan. Amazing quality content
very nice introductory video!
wow this was a great talk, thanks a lot!
Thanks a lot for the feedback. Glad you found the video useful ☺️
Sir, do you have any lectures privilege escalation vulnerabilities or can you please
mention any relevant sources for those that can research into
thank you so much, this video has opened my way to android pentesting
Wow this comment made my day. I am so glad that you found this video useful. I'll upload more videos soon. Happy holidays everyone!!
@@WiseFoxSecurity Real useful, android pentesting was always mysterious to me, after this, then my plan for 2022 is to go for android pen testing, I have already subscribed to your channel and whoever asks me about android hacking I will recommend your channel, keep up great video. thank you for your free knowledge, waiting for more
Wow, Thanks a lot.
I had adb on my android device, and it went completely over my head to use it on the linux. I was trying to tunnel my tcp traffic, which is a not nearly as fluid as that. 😅 I feel so silly - thank you for the reminder & useful information 🙌✨
Haha yes the ADB way is easier. I have tried TCP tunneling in the past but never got used to it for some reasons haha
@@WiseFoxSecurity ADB doesn’t require you to make so many configurations and changes to your network to get the outcome of which you’re looking compared to TCP tunneling. I’m sure there’s benefits to it that I’m too ignorant to understand, at this point, that I’m missing out on, but ADB is a brilliant option.
Not sure if you’ve used it, and would be curious on your opinion of NordVPN Meshnet?
Thank you so much for this tutorial, kudos to you.
Keep sharing content like this.
Stay safe👍
Thanks a lot for the feedback. Yes that's the plan ☺️
@@Reacher6207 please provide more content on the same, that's really helpful for me atleast
Awesome road maps for implementation
Thanks for this tutorial
Thankyou sir
in some apps ssl bypassed failed to get request so what we can do more ?
Is there videos based on android application's vulnerabitily analysis using common tools..
what check should we implement to prevent the password hack ?
Super video sir
Where are the APK you mentioned to download for practice?
Sir please make full video in PIVAA practical..
Can you please tell me how can i download any application apk if want to perform the pentesting on that apk.
thanks!
nice!!
how to use bria from burpsuite
Nice job
Possible to change the code and recompile the apk? I want to bypass an sms verification
plz make a video on mob sf installation on kali Linux and windows
👌
hi thanks for your best tutorial just teach more on real application like application that have dexguard and we can't read they code
Please go ahead
Plz make more videos for android app model
can you pls tell me where I can find all links of your "some useful links" slide?
54:00 he did mention it on the video
54:58 Approach
Install app in emulator such as
Static analysis, hardcoded key/secrets using tools such as mobsf
Dynamic analysis,
Use Frida
Buenas, alguien me puede recomendar por favor un buen curso o certificación de mobile hacking para aplicaciones ios y android?, gracias!!!
Make so many videos for this 👩💻
does this work on app built with reactNative?
or only java?
can you share all links in the useful link section?
54:00 he did mention it on the video
what is the IOS simulator for windows? like genymotion
not possible... only for mac
Best books for android penetration without android hackers handbook and mobile application hacker's handbook both are outdated
Somone hack cambly for me? ❤️❤️