Setup Device
Introduction
- How to understand the Android Architecture
- How to understand Android UID
- How to understand the .apk file
- How to understand Intents
- How to understand Intents (2)
Emulator
- How to install Android Studio
- How to start Android Emulator (AVD)
- How to set Genymotion (Android emulator)
- How to install .apk on emulator
- How to fix a certificate error after installing an .apk
- How to install droid4x
- How to root Android Studio Emulator (AVD) with Magisk
- How to setup Frida for Android Studio Emulator (AVD)
Tools
- How to pull .apk files from Playstore
- How to install LSPosed Framework – Android (Android 8.1 ~ 12)
- How to access Android via SSH using SSH server
- How to obtain .apk file installed from the devices (App path)
- How to set Drozer
- How to fix Drozer that could not find Java Path
- How to retrieve the package information via ADB
- How to retrieve the package information via Drozer
- How to retrieve each package's information via Drozer
- How to read Android application permissions
- How to install Mobile-Security-Framework-MobSF
- How to install Mobile-Security-Framework-MobSF (Docker)
- How to use QARK (Quick Android Review Kit)
- How to setup Frida for jailbroken device
- How to setup Frida for Emulator (Genymotion)
Vulnerable Mobile Apps
- How to set GoatDroid (FourGoats)
- How to set GoatDroid (Herd Financial)
- How to install sieve.apk on Genymotion Emulator
- How to install DIVA (android)
- How to install InsecureBank
HTTP/HTTPS interception
- Exporting the Burp Suite public key
- Setting the proxy on an Android phone using a command
- How to intercept the HTTP traffic via WireGuard
- How to intercept the traffic between application and the server (GoatDroid)
- How to set proxy by using a command (Android Studio)
- How to bypass certificate pinning using TrustMeAlready
- How to bypass certificate pinning using Android-SSL-TrustKiller
- How to bypass certificate pinning on Non-root Physical Devices using objection
- How to bypass certificate pinning on Non-root Physical Devices manually
- How to intercept traffic other than port 80 and 443 on burp suite
- Install Burp CA as a system-level on Android Studio Emulator
- All the commands to install the Burp CA certificate into the system store in one go, on a physical device
Review Vulnerabilities
Reverse engineering and Static analysis
- Signing .apk files using uber-apk-signer
- How to reverse engineer .apk (dex2jar via Kali)
- How to reverse engineer .apk (dex2jar via Appie2)
- How to reverse engineer .apk (picked from installation)
- How to reverse engineer .apk – Insecure Bank
- How to access “AndroidManifest.xml”
- How to access “AndroidManifest.xml” via Drozer
- How to access “AndroidManifest.xml” via APKTOOL
- How to discover Developer Backdoor – Insecure Bank
Code modification and Debugging and Run-time analysis
- How to bypass the Emulator Detection – VulnerApp
- How to hook and patch Android Apps Using Cydia Substrate – VulnerApp
- How to make apps debuggable
- How to use ADB Shell Commands (Connection)
- How to use ADB Shell Commands (Debugging)
- How to use ADB Shell Commands (File Manager)
- How to use ADB Shell Commands (Package Manager)
- How to use ADB via Appie2
- How to connect ADB shell on mobile device
- How to bypass the Root Detection
- How to bypass the Root Detection – Hide My Root
- How to bypass the Root Detection (debug android using JDWP) – Insecure Bank
- How to bypass the Root Detection (Frida) – Insecure Bank
- How to access the Android data folder when you get access denied using adb
- How to exploit the debuggable application (DIVA)
Security Decisions Via Untrusted Inputs
- How to test the Security Decisions Via Untrusted Inputs – Android
- How to find “Exported Activities” using Drozer
- How to invoke Activities from other application
- How to invoke Activities from other application – Insecure Bank (1)
- How to invoke Activities from other application – Insecure Bank (2)
- How to read “Content Providers” using Drozer – Sieve
- How to read “Content Providers” using Drozer – Insecure Bank
- How to exploit SQL Injection via “Content Provider” using Drozer – Sieve
- How to exploit Directory Traversal via “Content Provider” using Drozer – Sieve
- How to exploit flawed “Broadcast Receivers” using ADB – Insecure Bank
- How to inject/fuzz Intents to DOS – Insecure Bank
- How to exploit the Android Services using Drozer – Sieve
Client side injection
- How to exploit SQL injection (SQLite) – INPUT VALIDATION ISSUES – PART1
- How to exploit Directory Traversal – INPUT VALIDATION ISSUES – PART2
- How to exploit Android with Kali
- How to exploit Android with Kali 2 (signed certificate)
- How to exploit the “addJavascriptInterface” vulnerability
Unintended Data Leakage
- How to find the sensitive information in LogCat
- How to read Logcat by using ADB
- How to read LogCat by using Appie2
- How to find the sensitive information in Heap Memory using ADT – InsecureBank
- How to read the “Copy/Paste” Buffer Caching – Sieve
- How to extract the Backup data – Insecure Bank
- How to disable/enable Android predictive text
Insecure Data Storage
- How to review Insecure Data Storage
- How to test Insecure Data Storage – Part 1 (DIVA)
- How to test Insecure Data Storage – Part 2 (DIVA)
Poor Authentication And Authorization
- Biometric Authentication – Android
- How to enumerate usernames via New User Registration
- How to find the hidden menu (Application Patching) – Insecure Bank
- How to bypass login using Frida – Sieve
- How to brute force PIN using Frida – Sieve
Weak Encryption