Android is awesome. Period.
If you are an application security enthusiast, we are sure that you must have wondered what it takes to find security issues in Android apps. These apps handle a huge amount of sensitive user data, perform critical functions and are a big part of day-to-day life. The security of these apps should be of utmost importance.
This course is designed to teach the skills required for testing Android apps for security issues like insecure data storage, insecure communication, deep link exploitation and a lot more. Training apps are provided in the course to practice the learned skills. All attendees will also be given access to a private Slack channel to discuss any issues, topics, etc.
- App Compilation (2:24)
- Android APK File Structure (9:55)
- Understanding Classes.dex (7:29)
- Understanding Android Manifest (15:33)
- Android App Components - Activity (6:25)
- Android App Components - Intent (9:44)
- Android App Components - Fragments (8:10)
- Android App Components - Content Providers (20:45)
- Android App Components - Services (11:37)
- Android Inter Process Communication (8:20)
- Android App Components - Receivers (6:30)
- Application Signing (7:45)
- Dynamic Analysis - Info Gathering (14:18)
- Dynamic Analysis - Debugging (22:57)
- ADB In Action - Part 1 (23:24)
- ADB In Action - Part 2 (16:24)
- Intercepting Network Traffic (19:27)
- Understanding SSL Pinning (11:57)
- Deciphering SSL Pinning Implementation (28:01)
- Bypassing SSL Pinning with Frida (28:24)
- Understanding Frida Script For SSL Pinning Bypass (16:37)
- Objection in Action (12:30)
- Bypassing Root Detection (31:30)
- Sensitive Data Leakage via Logs (19:36)
- Unintentional Data Leakage (10:58)
- Local Data Storage Analysis (16:30)
- Exploiting Broadcasts (15:11)
- Exploiting Media Projection API (16:43)
- Finding & Exploiting Deeplink (17:55)
- The Hidden Code (7:58)
- Android OS Architecture and Permission Model (17:20)
- Android App components (9:42)
- Various types of Mobile Apps (12:24)
- Genymotion Emulator & Mobexler Setup (7:22)
- Getting started with adb (15:38)
- Setting up Proxy(MITM) (13:22)
- Analyzing APK manually (11:22)
- Challenge solution (10:46)
- Mobile Security Framework (6:40)
- Bypassing SSL Pinning using Frida and Objection (8:59)
- Bypassing SSL Pinning using Xposed framework (2:18)
- Additional Video - Android Network Traffic Capture (11:59)
- Xposed framework module (4:26)
- Sensitive data leakage via logs (8:48)
- Unintentional data leakage (8:50)
- Insecure Data Storage (8:58)
- Exploiting Android broadcasts (Intent Sniffing) (6:43)
- Media Projection in Android (7:45)
- Understanding Android Links (Deeplinks) (4:59)
- Finding & exploiting Deep links (8:02)
- Patching Android Apps with Objection (8:47)
- Introduction to Drozer (6:55)
- Dynamic Analysis using Drozer (16:34)
- Scripting Drozer Module (16:51)
- Static analysis of Xamarin Apps (15:48)
Enciphers is an information security consulting and training company, specialised in Web, Mobile & Cloud security. Having over a decade of experience in penetration testing & consulting, we love to teach what we do. Join the training and start an amazing journey of learning, through hands-on labs, advanced course content & ultra-fast support.
For more information, please visit www.enciphers.com
Frequently Asked Questions
What's unique about this training?
There are lots of unique things, actually. For example, the training lab applications do not require any local setup, and they are real-world-like apps. To ease communication and provide a support channel, all attendees will be given access to our private Slack channel. Once enrolled, you will have access to the training content for as long as the training portal lives. Even new content added to the training will be accessible at no added cost.
What if I face any technical issues or need help in understanding some topics?
We totally understand this, and for that reason all training attendees will be given access to a private Slack channel. This Slack channel will have other attendees as well as the trainer to discuss and help each other. Also, feel free to contact us.
Are there any pre-requisites for this course?
We expect attendees to know the very basics of information security and penetration testing, and to have knowledge of basic Linux commands and utilities. Burp is also used in some modules, so a basic knowledge of Burp Suite is also helpful. You will also need a test device (or access to an Android emulator) and a good working laptop with administrative privileges.
Are refunds available if I do not like the course?
No. Unfortunately we do not offer any refunds, as we want attendees to spend time and effort not just on the video content but also on the hands-on lab provided. As the course fee is for video content as well as lab access, we can't offer refunds. However, if you are facing any specific issue, we would love to fix that for you. Just contact us through the Slack channel or email and we will make sure we make the required improvement (if applicable).
When does the course start and finish?
The course starts now and ends when you want! It is a completely self-paced online course - you decide when you start and when you finish. Your access to the course and lab content will not be revoked for a minimum of 1 year. Even after one year, access to the course and lab will remain active unless ENCIPHERS decides to change the access.