Is Your Mobile App Secure?
Preparing Your Computer
What Computer to Use
A computer with one of these operating systems (running on the bare metal--NOT a virtual machine)
Software to Install (Instructions Below)
Instructions for Ubuntu Linux Machines
Installing Android Studio, Genymotion, and Burp on Ubuntu
Instructions for Mac OS X or Windows Machines
Installing Android Studio on a Mac or Windows Computer
Powerpoints
Android Security Auditing
1: The mobile risk ecosystem
If you do not have PowerPoint you can use Open Office.
Links
Apple Platform Security
Apple Platform Security PDF
DVIA (Damn Vulnerable iOS App) | A vulnerable iOS app for pentesting
OWASP/owasp-masvs: The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
2019-12-29: Hybrid App Developers: Don't Store Your User's Passwords
Passwords are the biggest threat to GDPR compliance (Mar. 2019)
Chat app Knuddels fined 20 k Euros under GDPR regulation (Nov 24, 2018)
Remote logging for mobile apps (April, 2019)
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 -- spaceraccoon.dev
Project Zero: Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641 (Jan. 2019)
Project Zero: Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass (Jan. 2019)
Project Zero: Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution (Jan. 2019)
Reverse-Engineering-and-Tampering iOS Apps OWASP
GDB to LLDB command map -- The LLDB Debugger
Google Maps Platform--Protecting API Keys
We reverse engineered 16k apps, here's what we found
Hands On Mobile API Security: Get Rid of Client Secrets
Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps
Hey Developer, Give me your API keys.!!
HOW TO EXTRACT AN API KEY FROM A MOBILE APP BY STATIC BINARY ANALYSIS
Ch 2b: Hack in the (sand)Box
Android App Reverse Engineering 101 | Learn to reverse engineer Android applications!
DJI Privacy Analysis Validation--GOOD ANDROID PROJECT
Oversecured detects dangerous vulnerabilities in the TikTok Android app--USE FOR PROJECT
AndroGoat: Vulnerable Android App
Ch 6a: Encryption | Android Open Source Project
Ch 6b: Android versions market share
Ch 7a: Android activity manager "am" command help
2021-02-22: Virtual iPhones with Free Trial!
pidcat: Colored logcat script which only shows log entries for a specific application package.
Ch 7b: Service vs IntentService in Android
Can I Jailbreak? - Home
Jailbreaking iOS for Mobile Security Assessments (March 2021 Edition) - SANS Institute
Ch 8a: What happens if you enter the wrong PIN for many times in an Android phone? - Quora
Ch 8b: How to reset your Android lock screen password/PIN/pattern - TechRepublic
Ch 8c: Android WebView addJavascriptInterface Code execution Vulnerability
MOBISEC - Mobile Security Course
iOS Hooking With Objection - HackTricks
ZipperDown Vulnerability--Path Traversal in iOS and Android
ANDROID PT / Path Traversal Vulnerability
Ch 6c: Android OS version market share over time | AppBrain
Drozer / needle - is it still alive?
2022-10-04: Releases · abhi-r3v0/EVABS
EVABSv4 Walkthrough
Android Studio Emulator (AVD) Rooting with Magisk using rootAVD - YouTube
EVABSv4 (Part 2) - ITZone
Troubleshooting Android Studio - Android Emulator Wifi Connected with No Internet
Registers in smali
Ch 2a: Cachegrab attack exposes secrets from ARM TrustZone
Ch 2c Citigroup says its iPhone app puts customers at risk
Ch 2d: Citi Discloses Security Flaw in Its iPhone App - WSJ
How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
How to instrument system applications on Android stock images with Frida and Magisk
Security of runtime process in iOS and iPadOS - Apple Support
Xamarin | Open-source mobile app platform for .NET, with iOS -- USE FOR PROJECTS