Description

In this course you will learn absolutely everything about Android app hacking. This course teaches you the ethical principles and enables you to become the top expert of your company regarding app security. We learn really complex attacks in the most fun way possible: by hacking a mobile game.


Legal note:

The game we are going to hack is licensed under the GNU GPL, which means we are allowed to perform such modifications. Hacking apps without having the permission of the author is strongly forbidden! The things you learn are related to security research. I am teaching you all of this in a legal and ethical way.


Course Structure:


In the installation chapter we will analyze different smartphone setups, their strengths and their weaknesses. We unlock our device and use certain features to already start hacking our first apps. We will learn how to analyze Bluetooth Low Energy connections and get familiar with the Android Debug Bridge (ADB).


We move on to the Android app structure. Here we gain a rock-solid understanding of the key components of an Android app. We will analyze the AndroidManifest.xml and learn how to exploit activities, broadcast receivers and content providers. We will write our own small apps to exploit SQL injections and path traversals.


Afterwards we take a deep dive into reverse engineering. We will learn how to decompile an Android app and reconstruct the Java code. We will have a look at different decompilers and create flow and call graphs to deal with highly obfuscated apps. Finally, a nice application is waiting for us to practice all the things we have learned so far.


Then we have the treasure of this course, the SMALI chapter. SMALI is like an assembly language for an Android application and gives us unlimited power in hacking them. We practice our skills by modifying our mobile game to have infinite lives, become invisible or invincible. We add multiple player shots, manipulate the fire rate and much more.


In the man-in-the-middle chapter we will learn how to analyze the network traffic of a mobile app. We will gain an understanding of HTTPS and how to analyze these connections. We will learn how certificate pinning works and bypass several different types of it.


The last thing that is missing is FRIDA, an amazing framework for performing runtime manipulations within an app. We will hook into the pseudorandom number generator (PRNG) to modify a dice application. We will learn how to scan the memory for certain instances and how to interact with the UI thread of an app. We will create new objects and practice all of this by writing our own trainer for a gaming application. The cherry on top will be the analysis of a native C function with Ghidra and its manipulation and modification with FRIDA.


After getting through all these chapters you will be the top expert in Android app security of your company. So, what are you waiting for? :)

What you will learn

Deep understanding of the Android app structure

How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal)

Bypassing Rooting Detection (SMALI and FRIDA)

Bypassing Certificate Pinning (SMALI and FRIDA)

Performing a man-in-the-middle attack

Analyzing / Manipulating the network traffic of a mobile app

Creating call and flow graphs to reverse engineer strongly obfuscated apps

Manipulating Java and C/C++ methods (FRIDA & SMALI)

Reading / Writing SMALI code

Injecting own (custom) code into existing applications

Deep understanding of the Android permission model

Modifying games (infinite lives, high score, invisible, invincible) - Writing a trainer

Analyzing Bluetooth Low Energy connections

Dealing with different encryption types (e.g. AES)

Deep- / Web- / App-Links (Bug Bounty)

Reversing native libraries with Ghidra

Debugging Java code

Debugging SMALI code (live - with interpreter)

WebViews & JavaScriptInterfaces

Requirements

  • Android knowledge is not required (This course teaches everything)
  • No real smartphone required
  • Laptop / PC

Course content

8 sections

Installation and Setup

13 lectures
Setup - Theory
10:22
Installation (System & Android Studio)
25:38
Emulator - Installation
10:22
Emulator - Usage (Secret Features)
35:10
Androidx86 Virtual Machine - Setup
13:20
Concept
4 questions
Developer Options
11:49
Developer Options - Secrets ( Game Hacking )
23:03
Developer Options - Bluetooth Low Energy Hacking
35:42
Bluetooth Low Energy - Furby App Hacking
19:40
Android Debug Bridge - Theory
10:43
Android Debug Bridge (ADB) - HandsOn (White - Belt)
31:33
Scrcpy for Android version 14
02:40

App Structure

29 lectures
Filestructure of an APK
12:36
Dalvik / Dex
05:21
Classes.dex
06:25
Decompiling - Preparation
07:06
Decompiling - HandsOn
17:10
AndroidManifest.xml
30:11
App - Permissions
26:12
Activities
11:34
Activities - Hacking
35:42
Activity - Bonus (Bypassing Login - Own Application)
20:16
Intents
14:56
Intents - Examples
42:29
Activities and Intents
6 questions
DeepLinks (Theory - 2024)
13:13
DeepLinks (Examples - 2024)
29:46
BroadcastReceiver
22:16
BroadcastReceiver - Hacking (Alarm App)
45:33
BroadcastReceiver - Hacking via own App
19:35
Services
05:33
ContentProvider
15:58
ContentProvider - SQL Injection
51:15
ContentProvider - Database Attacks (SQLi - Permission / Bypass)
49:14
ContentProvider - PathTraversal Attack
48:22
ContentProvider - Path Traversal
4 questions
Broadcast Receiver and Content Provider
8 questions
Application Signing
21:47
Application Signing - Deep Dive
08:31
BlueBox Master Key Vulnerability (Signing)
10:50
Yellow Belt - Challenge
4 questions

Reverse Engineering Android Apps

12 lectures
Dex2Jar
11:34
Jadx-Gui
19:06
Jadx-Gui HandsOn
05:50
Secret Super Weapon
06:31
Reversing Apps
08:01
Creating a CallGraph (CG)
26:21
Creating a FlowGraph (FG)
27:12
Challenge - Intro
12:27
Challenge - Hacking Activities
33:59
Challenge - Hacking Content Provider
19:21
Challenge - Hacking BroadCast Receiver
16:17
Challenge - Password (Decryption)
23:33

Smali

43 lectures
Recap
03:13
Smali - Introduction
17:55
Smali - Patching
10:45
Challenge - Solution
13:34
Registers
33:09
Types
16:07
P0 - Register
11:09
Dalvik Opcodes
25:16
Smali File Structure
21:56
Practice - Smali
33:39
Practice - Solution
12:59
Orange Belt - Intro
02:28
Orange Belt - Solution
32:28
IF - Intro
01:15
IF / ELSE / GOTO
18:36
IF / ELSE / GOTO - Code Analysis
25:42
IF / ELSE / GOTO - Blocks
09:25
IF / ELSE / GOTO - Practice
07:14
Smali Patching - Flipping the logic
40:50
Smali Patching - Deleting Code
27:03
Smali Patching - Jump Instructions
12:31
Green Belt - Challenge (Patching Rooting Detection)
4 questions
Rooting Detection - Intro
04:59
Rooting Detection (bypass) - Solution
35:05
Rooting Detection - Solution2 (Bonus)
19:20
Smali - Objects and Methods
39:52
Smali - Static Methods
12:36
Smali - Hello World (Yes, this late)
11:22
Printing out secrets - System.out (Written in Smali)
34:43
Patching XOR encryption
14:00
One challenge to recap all - Intro
29:18
One challenge to recap all - Part 1
25:37
One challenge to recap all - Part 2
47:10
One challenge to recap all - Part 3
01:17:46
One challenge to recap all - Solution
28:14
Smali Patching - Fire Rate
1 question
Smali Patching - Double Shot
1 question
Blue Belt - Challenge (Intro)
01:43
Blue Belt - Challenge (Hint)
36:54
Blue Belt - Challenge (Solution)
38:29
Black Belt - Challenge
1 question
Debugging Android Applications
15:30
SMALI Debugging on Steroids
24:06

Man in the Middle

13 lectures
Address Resolution Protocol (ARP)
15:57
MitM - Setup
29:57
Intercepting - Theory
19:24
BurpSuite - Setup
32:25
Reset the Setup
08:55
HTTPS - Technical View
20:09
Installing a Certificate
16:55
MitM Setup - Virtual Machine (VM)
23:02
Certificate Pinning - Theory
07:12
Certificate Pinning - OpenSSL (Bonus)
01:07:23
Certificate Pinning - Patching Fingerprint
26:50
Certificate Pinning - Patching Certificate
15:50
Certificate Pinning - Objection (Bypass)
13:38

FRIDA

33 lectures
Introduction
04:33
Install
20:25
Hooking - Theory
27:34
Dice Game - HandsOn
06:06
Dice App - Analysis
09:45
Dice App - Observing Parameters
26:37
Dice App - Modifying Parameters
11:04
Function Overloading
18:33
Manipulate the PRNG of the dice application
1 question
Timing (Hooking)
08:48
Challenge - Rooting Detection (bypass)
02:49
Challenge - Rooting Detection (solution)
15:44
Actively calling a method
29:46
Working with Instances
28:25
HandsOn
20:40
HandsOn - Solution
01:02:19
Instance as a parameter
17:20
Existing instance as a parameter
07:54
Challenge - Create multiple player shots
01:41
Challenge - Multiple player shots (solution)
16:58
Constructor hooking
20:10
Manipulating UI Thread
29:45
Writing a trainer
24:24
Hooking the Native Development Kit (NDK)
14:49
NDK hooking - Easy Way
16:10
NDK hooking - Hard way
33:40
NDK hooking - timing
08:56
Manipulating NDK methods (overwriting)
25:20
Reversing C - function in ghidra (Bonus)
29:12
Hooking C - function in frida (Bonus)
01:07:38
Red Belt - Challenge (FINAL)
1 question
FRIDA without ROOT (FRIDA GADGET)
18:29
FRIDA Standalone - When no connection is possible!
19:21

CTF - Series (New 2024!)

6 lectures
Starting of a new series!
08:54
CTF - LicenseValidator (ARM reversing - Ghidra) Part 1
53:41
CTF - LicenseValidator Solution (Ghidra)
14:15
CTF - Androgoat (Root / Emulator detection / Binary Patching)
25:21
CTF - Androgoat (Reversing)
01:31
CTF - Androgoat (XSS / SQLi / WebView)
34:22

Additional Files

1 lecture
CheatSheet
00:04
