Android Penetration Testing 101

Android Penetration Testing 101 course is designed mainly for beginners who want to start their journey in android security but have no idea how to create and where to start.

This course gives you complete knowledge beginning from the android architecture to the analysis of the android application with all the attack vectors you learned.

In this course, we have demonstrated static analysis of android applications concerning all the frameworks( Reactnative, Java, flutter, Cordova) with the help of unique tools such as Jadx, Jeb decompiler, and GDA decompiler. Along with that, we have demonstrated automated scanners like MOBSF from installation to the dynamic analysis of the app. Also, we have discussed the common vulnerabilities that can be identified during the static analysis and the endpoints that we can look for.

The most exciting part of any Penetration testing is Dynamic analysis; In this course, we discussed why mobile applications need dynamic analysis and its role in hunting vulnerabilities. We have demonstrated setting up the lab for dynamic analysis( we preferred a burp suite with genymotion).

The primary concept in the dynamic analysis is SSL-PINNING; we have discussed all the ideas regarding SSL-pinning and demonstrated bypassing methods of SSL in android.

We have discussed excellent dynamic illustration tools like Frida and objection and demonstrated the setup.

In the end, we have performed live dynamic analysis on the android application and discussed common vulnerabilities that, can be identified during the dynamic analysis, the endpoints that we can look for, and how to find sensitive information in the app’s database.

To make your pentesting smoother, we provided an Android pentesting checklist, which might come in handy during your Real-time analysis.