-
Lab Setup
- Android Emulator / Physical Device
- Magisk & Xposed Framework Installation
- Jadx & Apktool & Dex2jar
- Burp Suite & Frida
- MobSF
- Android Studio
-
Part 2: Download & Installation
- https://apps.evozi.com/apk-downloader/ or https://apkcombo.com/
- From Play Store
- Using ADB
-
Sec 1: Insecure Data Storage
- Sensitive Info Leakage Through Logs
- Copy/Paste Buffer Caching
- Hardcoded Sensitive Data Like API Keys, Credentials, Any Salt, Token Etc.
- Keyboard Press Caching
- URL Caching And Browser Cookie Objects
- Hardcoded Sensitive Data
- Insecure Local Storage Of Sensitive Data
- Sensitive Data Leakage Via Memory Leakage
- Backups Containing Sensitive Data
-
Sec 2: IPC / Component Exploitation
- Exploit Exported Activity
- Exploit Exported Receiver
- Exploit Content Provider
- Misconfigured Intent & Intent Filter
- Misconfigured App/Deep Link
- Improper WebView Implementation
-
Sec 3: Weak Cryptography
- Poor Key Management Process
- Weak Hashing & Encryption
- Unencrypted Database Files
- Use Of Insecure Algorithm
-
Sec 4: Reverse Engineering / Debugging
- Unauthorized Code Modification
- Insecure OS Version Installation Allowed
- Code Obfuscation
-
Sec 5: Runtime Analysis
-
Client/Server Side Attack
- SQL Injection
- Cross Site Scripting
- Injections Like XML, XXE Etc.
- Application Level DoS
-
Insecure Authentication
- No Token/Session Implementation
- Improper Token/Session Implementation
- Misconfigured OAuth2 Flow
- Authentication Bypass By Chaining
-
Broken Access Control (BAC)
- IDOR & Privilege Escalation
- Unauthorized API Call
-
BY 1: Application Restriction Bypass
-
SSL Pinning Bypass
- By Xposed
- By Frida
- Reversing
-
Root Bypass
- Magisk Hide
- Xposed
- Frida
- Reversing
-
2FA/Passcode/PIN Protection Bypass
- Exported IPC Component
- Response Manipulation
-
Login Bypass/Account Takeover
- SQL Injection
- Credential Bruteforcing
- Response Manipulation