Learn how to hack Android apps and obtain Android bug bounties
Free tutorial
2,573 students
1hr 52min of on-demand video
Created by Scott Cosentino
English
English [Auto]
Current priceFree
What you’ll learn
- Setting up Android Studio and Emulators
- Basics of adb
- Decompiling and Recompiling apks
- Drozer
- Burp Suite
- Code Modification Exploits
- Finding code backdoors
- Activity Exploits
- Broadcast exploits
- Content provider injection
- Access control issues
- Scoring Vulnerabilities with CVSS
Requirements
- A basic understanding of programming and app development is recommended
Description
In this course, I will walk you through the process of penetration testing applications to find vulnerabilities and earn bug bounties. We will analyze a vulnerable Android app, and see how vulnerabilities can be found using tools such as:
- Drozer
- Dex2Jar
- Jadx
- ApkTool
- Adb
- Burp Suite
Learn about dynamic and static analysis to become an expert at finding Android exploits!
Who this course is for:
- Android developers looking to secure their applications
- Hackers looking to learn common Android vulnerabilities
- Bug Bounty participants looking to target Android apps
- People looking to expand their knowledge of Computer Security
Show less
Course content
8 sections • 20 lectures • 1h 52m total lengthCollapse all sections
Lab Setup4 lectures • 22min
- Installing Python and Android Studio08:15
- Setting up Decompilation Tools04:46
- Setting up the Insecure Bank App05:21
- Creating a Rooted Emulator04:07
Information Gathering5 lectures • 38min
- Setting up Burp Suite for Android07:49
- Analyzing Server Interaction with Burp Suite10:36
- Pulling Apk Files from Android Devices03:11
- Decompiling APKs with Apktool and Dex2Jar08:44
- Installing Drozer and Scanning Attack Surfaces07:24
APK modification exploits2 lectures • 16min
- Modifying Resource Files to Gain Escalated Privileges07:34
- Modifying Smali Code to Bypass Root Detection08:53
Insecure Authentication Exploits2 lectures • 7min
- Login Backdoors03:27
- Exploting Unprotected Activities03:55
Insecure Storage Exploits3 lectures • 11min
- Exploiting Poorly Implemented Cryptography04:36
- Analyzing SQLite Storage01:54
- Analyzing Logcat for Information Disclosures04:21
Broadcast and Content Provider Exploits2 lectures • 10min
- Exploiting Broadcast Receivers06:23
- Exploiting Content Providers04:02
General Bug Bounty Tips1 lecture • 7min
- CVSS Scoring and Report Tips06:54
Bonus Resources1 lecture • 1min
- Bonus Resources00:03
