AllThingsAndroid
This is a collection of writeups, cheatsheets, and videos related to Android pentesting, gathered during my learning journey.
This is currently a work in progress; I will add more resources as I find them.
Created By @jdonsec
Learning Materials
- NAHAMSEC - Mobile Hacking
- OWASP - Mobile Security Testing Guide
- Deesee Blog - Android Application Hacking Resources
- Maddie Stone - Android App Reverse Engineering 101
- Hacker101 - Mobile Hacking Crash Course
- MOBISEC - Mobile Systems and Smartphone Security
- Kamil Vavra - How to bypass Android certificate pinning and intercept SSL traffic
Learning Videos
- A must-follow on Medium: Vickie Li - An Android Hacking Primer
- Virseccon 2020 - B3nac Android Hacking VirSecCon2020 talk
- Presenters: Joff Thyer and Derek Banks - Android App Penetration Testing 101
- Speaker: Nikita Stupin, Mail.ru - Vulnerabilities of mobile OAuth 2.0
- Bugcrowd Ben Actis LevelUp 2017 - Advanced Android Bug Bounty skills
Vulnerable Applications
Tools
- B3nac - YouTube Channel
- Sensepost - objection - Runtime Mobile Exploration
- MobSF - Mobile-Security-Framework-MobSF
- APK Downloader - APKPURE
- Matlink - gplaycli is a command line tool to search, install, update Android applications from the Google Play Store.
- ADB Shell - Commands
Writeups
- Negativewives - A New Way Of Brute force Passcode/Pin Protection By deep link
- Negativewives - Exploitation of Improper Export of Activities In Android Application
- Negativewives - Passcode Protection Bypass By Brute Forcing On zoho (Cliq Application)
- Ivan - Tips for Mobile Bug Bounty Hunting
- Elliot Anderson - Twitter Mega Thread on Android Security
Hackerone Reports
- Avinash (dedsec69) - IDOR leading to downloading of any attachment
Videos/POC
Related Tools
RedTeaming_CheatSheet
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to keep it up-to-date.
StableSecPayloads
Sec-Payloads is a collection of multiple types of lists used during security assessments and for bug bounty hunting or penetration testing, collected in one place. List types include XSS, SQLi, sensitive data patterns, fuzzing payloads, web shells, and many more.
StableBugBountyBooks
A collection of PDFs/books about modern web application security and bug bounty.
Stable