Mobile Application Penetration Testing

This course focuses on Android and iOS Mobile Application Penetration testing. The course will demonstrate common techniques to extract sensitive data from Android and iOS Application such as API Keys, stored secrets, and firebase databases, and provide a solid foundation for continuing a career as a Mobile Application Penetration Tester. This course will cover the common methodologies and practices you can utilize to start Bug Bounty hunting mobile applications.

For the Android section of this course the following device requirements will apply:

• Windows, Linux, or MacOS based machine
• 16 GB of RAM or more (to run virtual machines as well as emulated devices)
• At least 250GB of available storage

For the iOS Section of this course the following device requirements will apply:

• MacOS-based Machine (Macbook, Mac Mini, etc.), or Linux-Based machine with at least 16 GB of RAM and 250GB of available storage
•  Physical iPhone or iPad running iOS 16.x or less (for jailbreaking purposes)

• A basic understanding of Web Application or API-based penetration testing
• Some familiarity with Mobile Application platforms such as iOS and Android (like how to navigate to settings, install applications, etc.) is expected.

• Introduction and Course Resources
  • Course Introduction
  • Course Resources
  • Mobile Pentesting Certification Landscape
  • Device Requirements – Old
  • Device Requirements
  • Course Discord
• Penetration Testing Process
  • The Penetration Testing Process
  • The Mobile Application Penetration Testing Process
• Android Intro and Security Architecture
  • Android Security Architecture
  • Application Security and Signing Process
• Android Lab Setup
  • Windows – JADX-GUI
  • Windows – adb Install
  • Windows – apktool install
  • Windows – Android Studio Install
  • Kali Linux – PimpMyKali (Easy Mode)
  • Kali Linux – adb Install
  • Kali Linux – apktool Install
  • Kali Linux – JADX-GUI Install
  • Kali Linux – Android Studio Install
  • Mac – Brew
  • Mac – JADX-GUI
  • Mac – apktool
  • Mac – Android Studio
  • Emulator Setup & Recommendations (All Platforms)
  • Accessing ADB Shell from a VM/Networked Device
  • Additional Emulator Options Android (Optional)
  • Physical Device Setup (Optional)
  • Common Issue: No Extended Controls
• Android Static Analysis
  • Pulling an APK From the Google Play Store
  • Intro to Injured Android
  • Android Manifest.xml
  • Manual Static Analysis
  • How to Find Hardcoded Strings
  • Injured Android Static Analysis (Flags 1-4)
  • Enumerating AWS Storage Buckets via Static Analysis
  • Enumerating Firebase Databases via Static Analysis
  • Automated Analysis using MobSF
• Android Dynamic Analysis
  • Intro to SSL Pinning/Dynamic Analysis
  • Dynamic Analysis using MobSF
  • Burp Suite Install and Overview
  • Burp Suite Setup/Intercept
  • Proxyman Install & Usage
  • Patching Applications Automatically using Objection
  • Patching Applications Manually
  • Dynamic Analysis – Final Notes and Vectors
  • The Frida Codeshare
  • Using Frida Codeshare & Startup Scripts
  • Common Issue: Can’t Decode Resources
• Android Bug Bounty Hunt
  • Bounty Hunt 1 – Joann Fabrics
  • Bounty Hunt 2 – Sam’s Club App
  • Bounty Hunt 2 – Zaxby’s
• BONUS – Android Red Teaming
  • In-Line Attacks
  • Creating a Generic APK with Metasploit Shell
  • Injecting Play Store App with Metasploit Shell
  • The Ghost Framework
• iOS Introduction and Architecture
  • Intro to iOS
• iOS Lab Setup
  • xCode Setup/Install
  • Using xCode
  • Developer License Setup
  • AnyTrans (Pull IPA from App Store)
  • IPATool (Pull IPA from App Store – Updated)
  • Additional Emulator Options iOS (Optional)
• iOS Static Analysis
  • Manual Static Analysis
  • Automated Analysis with MobSF
• iOS Dynamic Analysis/Jailbreaking
  • Burp Suite Setup & Usage
  • Proxyman – iOS
  • SSL Pinning iOS
  • Using Objection for iOS
  • Jailbreaking
  • Burp Mobile Assistant (Optional)
  • SSL Killswitch
  • Jailbreaking iOS 15.x-16.x
  • SSL Killswitch iOS 15.x-16.x
  • Traffic Interception iOS 15.x-16.x
• iOS Bug Bounty Hunt
  • Bug Bounty Hunt 1 – Nike App
  • Bug Bounty Hunt 2 – Kohl’s
• MAPTv2 – Introduction and Course Resources
  • About This Course
  • About Me
  • Course Discord
  • Course Outline
  • Mobile Penetration Testing Certification Landscape
  • Device Requirements
• MAPTv2 – Mobile Pentesting Process
  • Mobile Pentesting Process vs Traditional Penetration Test
  • Mobile Pentesting War Stories
  • What jobs are there for Mobile Pentesters?
  • New Lesson
• Tools Setup
• CTF With Me
• Code It With Me
• iOS Penetration Testing Setup
• iOS Penetration Testing
• Wrapping Up
  • Next Steps: The Practical Mobile Pentest Associate (PMPA)