AllThingsAndroid
This is a collection of writeups, cheatsheets, and videos related to Android pentesting, gathered during my learning journey.
This is currently a work in progress; I will add more resources as I find them.
Created By @jdonsec
Learning Materials
- NAHAMSEC - Mobile Hacking
- OWASP - Mobile Security Testing Guide
- Deesee Blog - Android Application Hacking Resources
- Maddie Stone - Android App Reverse Engineering 101
- Hacker101 - Mobile Hacking Crash Course
- MOBISEC - Mobile Systems and Smartphone Security
- Kamil Vavra - How to bypass Android certificate pinning and intercept SSL traffic
Learning Videos
- A must-follow on Medium: Vickie Li - An Android Hacking Primer
- Virseccon 2020 - B3nac Android Hacking VirSecCon2020 talk
- Presenters: Joff Thyer and Derek Banks - Android App Penetration Testing 101
- Speaker: Nikita Stupin, Mail.ru - Vulnerabilities of mobile OAuth 2.0
- Bugcrowd Ben Actis LevelUp 2017 - Advanced Android Bug Bounty skills
Vulnerable Applications
Tools
- B3nac - Youtube Channel
- Sensepost - objection - Runtime Mobile Exploration
- MobSF - Mobile-Security-Framework-MobSF
- APK Downloader - APKPURE
- Matlink - gplaycli is a command line tool to search, install, update Android applications from the Google Play Store.
- ADB Shell - Commands
Writeups
- Negativewives - A New Way Of Brute force Passcode/Pin Protection By deep link
- Negativewives - Exploitation of Improper Export of Activities In Android Application
- Negativewives - Passcode Protection Bypass By Brute Forcing On zoho (Cliq Application)
- Ivan - Tips for Mobile Bug Bounty Hunting
- Elliot Anderson - Twitter Mega Thread on Android Security
Hackerone Reports
- Avinash (dedsec69) - IDOR leading to downloading of any attachment
Videos/POC