Links for Chapter Lectures

Ch 2a: How to Crack GSM A5 Encryption (from 2009)
Ch 2b: 26C3: GSM: SRSLY?
Ch 2b2: SMS DoS could kill a whole city from a single attacking device (2005)
Ch 2c: Never trust SMS: iOS text spoofing
Ch 2d: Android Vulnerability Opens Door to SMS Phishing Scams
Ch 2e: How I (Easily) Hacked Into Voice Mail (2011)
Ch 2f: Caller ID Spoofing, Voice Changing & Call Recording - Prank Calls - SpoofCard
Ch 2g: Poking at the femtocell hardware in an AT&T Microcell (2012)
Ch 2h: Hacking the Vodafone Femtocell (2009)

Ch 3a: iOS - Wikipedia
Ch 3b: Why Apple's 64-bit iPhone chip is a bigger deal than you think (2013)
Ch 3c: Position-independent code - Wikipedia
Ch 3d: Apple iOS 4 Security Evaluation -- Dino A. Dai Zovi (2011)
Ch 3e: What to Do Before You Give Away your Old iPhone (2014)
Ch 3f: How-To do many things on iPhone, with good screen images
Ch 3g: How The World Butchered Benjamin Franklin's Quote On Liberty Vs. Security
Ch 3h: New virus for jailbroken iPhones the most serious so far (2009)
Ch 3i: New Malware 'Unfold Baby Panda' Discovered on Jailbroken iOS (2014)
Ch 3j: AdThief malware infects over 75,000 jailbroken iOS devices (2014)
Ch 3k: Unlocking A New iPhone Is Now Illegal, But Jailbreaking Is Still Legal
Ch 3l: Obama Signs Cell Phone Unlocking Bill Into Law, iPhone Unlocking No Longer Illegal (Aug., 2014)
Ch 3k: Jailbreaking now legal under DMCA for smartphones, but not tablets (2012)
Ch 3n: evasi0n iOS 7.0.x Jailbreak
Ch 3o: Tethered Jailbreak vs Untethered Jailbreak
Ch 3p: Apple Kicks Security Researcher Out Of The App Store After iOS Exploit Demonstration
Ch 3q: Metasploit Exploits for MobileSafari
Ch 3r: About the security content of iOS 4.3.4 Software Update - Apple Support
Ch 3s: Analysis of the jailbreakme v3 font exploit - Sogeti ESEC Lab
Ch 3t: Source code for iKee worm
Ch 3u: Syn: IPhone Port Scan
Ch 3v: iPhone - Security 101 (from 2008)
Ch 3w: CVE-2009-1683 ICMP DoS Exploit
Ch 3x: Apple iPhone SMS Application Remote Code Execution Vulnerability
Ch 3y: Fuzzing the Phone in your Phone (Black Hat USA 2009
Ch 3z: Baseband Device - The iPhone Wiki
Ch 3z1: WireLurker Malware Infects Macs, Attacks Non-Jailbroken iPhones (Nov. 2014)
Ch 3z2: Lost iPhone? Lost Passwords!
Ch 3z3: Bypass lockscreen in iOS 6.1 with "Emergency Call" feature
Ch 3z4: Bypass lockscreen in iOS 6.1.3 with Siri
Ch 3z5: Bypass lockscreen in iOS 8 with Siri
Ch 3z6: Four-digit passcodes are a weak point in iOS 8 data encryption
Ch 3z7: How Thieves Unlock Passcodes on Stolen iPhones (And How to Protect Yourself Against It)
Ch 3z8: IP-BOX iPhone Password Unlock Tool
Ch 3z9: Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage
Ch 3z10: Signaling Post-Snowden Era, New iPhone Locks Out N.S.A. (Sept. 2014)
Ch 3z11: Apple Still Has Plenty of Your Data for the Feds - The Intercept
Ch 3z12: Apple - Apple Pay
Ch 3z13: Apple Pay vs. Google Wallet
Ch 3z14: About App Distribution
Ch 3z15: Start Developing iOS Apps Today: Setup
Ch 3z16: Start Developing iOS Apps Today: Where to Go from Here
Ch 3z17: Malicious Profiles - The Sleeping Giant of iOS Security
Ch 3z18: iOS Threats - Malicious Configuration Profiles, Threat, Detection & More
Ch 3z19: Latest iOS 'malware' is easy to detect and avoid
Ch 3z20: iCloud - Bypass - doulCi
Ch 3z21: Exploring and Exploiting iOS Web Browsers
Ch 3z22: Adding Trusted Root Certificate Authorities to iOS (iPad, iPhone) (2012)
Ch 3z23: Installing Corporate CA Certificates on iPhone or iPad (2013)
Ch 3z24: MEMSCAN dumps iOS process memory
Ch 3z25: XCode on Windows: How to Develop for Mac or iOS on a PC
Ch 3z26: Jailbreaking is annoying

Ch 4a: iPhone v. Android Market Share (May, 2014)
Ch 4b: Downloading the Source Android Developers
Ch 4c: Android Architecture - The Key Concepts of Android OS
Ch 4d: Manifest.permission Android Developers
Ch 4e: Download Android Studio and SDK Tools
Ch 4f: Google releases Android Studio 1.0, the first stable version of its IDE
Ch 4g Android Emulator
Ch 4h: Android Application hacking with Insecure Bank Part 1
Ch 4i: Brazilian Trojan Bankers -- now on your Android Play Store! (made with App Inventor)
Ch 4j: Careful with photos from unknown sources in Android: They could now contain a nasty surprise
Ch 4k: How to root your android 4.1.1 and up no computer - YouTube
Ch 4l: Root Master 1.3.6_Cekas FIX Sharebertron.blogspot.com
Ch 4m: Fastest way to Root any Android Phone Without a Computer
Ch 4n: How to install Google Play Store app manually
Ch 4o: How to Install Android in VirtualBox
Ch 4p: How to Root Galaxy S3 on Android 4.34.4.2!
Ch 4q: How to Root the Samsung Galaxy S3 on Android 4.3 Jelly Bean
Ch 4r: How to root Android x86 4.3
Ch 4s: Moonpig vulnerability in Android App -- Great example of analysis
Ch 4t: 30 Must-Try Apps For Rooted Android Phones
Ch 4u: DiskDigger undelete (root) - Android Apps on Google Play
Ch 4v: Wifi Protector Detects and Prevents ARP spoofing (Android)
Ch 4w: AFWall (Android Firewall ) - Android Apps on Google Play
Ch 4x: DroidSheep Simple OpenSource Session hijacking on Android devices
Ch 4y: drozer: a comprehensive security audit and attack framework for Android
Ch 4z1: drozer user's guide
Ch 4z2: DroidSheep : ARP-Spoofing App for Android
Ch 4z3: Linux Deploy - Android Apps on Google Play -- USE FOR PROJECT
Ch 4z4: Google abandons 60 percent of Android users (Jan. 12, 2014)
Ch 4z5: Android Forensics -- Open Course Materials!
Ch 4z6: Android Hacking and Security, Part 13: Introduction to Drozer - InfoSec Institute
Ch 4z7: Android Hacking and Security, Part 1: Exploiting and Securing Application Components - InfoSec Institute
Ch 4z8: Android Hacking and Security, Part 2: Content Provider Leakage - InfoSec Institute
Ch 4z9: Android Hacking and Security, Part 3: Exploiting Broadcast Receivers - InfoSec Institute
Ch 4z10: The insecure Android app for your hacking pleasure
Ch 4z11: NSA approves Samsung Knox for use by TOP SECRET g-men (Oct., 2014)
Ch 4z12: Deconstructing an insecure Android password manager
Ch 4z13: Android hacking apps, including SSL killers
Ch 4z14: Setting up a persistent trusted CA in an Android emulator
Ch 4z15: Signing an Android Application for Real Life Mobile Device Usage Installation
Ch 4z16: Android Assessments with GenyMotion Burp
Ch 4z17: Genymotion - User Guide
Ch 4z18: Installing Android Studio - Google Slides
Ch 4z19: Storage: Nexus 5 Data
Ch 4z20: Introduction to Android Development and Security
Ch 4z21: OWASP-GoatDroid-Project GitHub
Ch 4z22: Android Hackmes
Ch 4z23: ProjectsOWASP GoatDroid Project
Ch 4z24: How to install GoatDroid in MobiSec
Ch 4z25: Mobile PenetraUon TesUng with MobiSec
Ch 4z26: My Null Android Penetration Session
Ch 4z27: Android Application Penetration Testing: Setting up, Certificate Installation and GoatDroid Installation
Ch 4z28: OWASP Global Webinar - Jack Mannino - GoatDroid release - YouTube
Ch 4z29: Steal User Information from Android App -- GoatDroid Example
Ch 4z30: Using Introspy and Drozer to analyse GoatDroid - YouTube
Ch 4z31: Securing Android Applications With Goatdroid -- SecurityTube
Ch 4z32: Debug Howto - Android-x86 - Porting Android to x86
Ch 4z33: android - How to install Google Play Services in a Genymotion VM
Ch 4z34: Android emulator: Solution for "Please ensure Intel HAXM is properly installed and usable." error
Ch 4z35: Investigating Your RAM Usage Android Developers
Ch 4z36: Download Eclipse Memory Analyzer Tool for Android
Ch 4z37: Microsoft to Invest in Cyanogen - Taking Android Away from Google
Ch 4z38: Saving data to a file in your Android application
Ch 4z39: KitKat and SD cards -- what's fixed, what's broken and what's misunderstood
Ch 4z40: Make a filedirectory read only on Android?
Ch 4z41: Using Cryptography to Store Credentials Safely Android Developers Blog
Ch 4z42: EmulatorRoot BlueStacks 0.7.7.813 Android Development and Hacking XDA Forums
Ch 4z43: Dancing with dalvik
Ch 4z44: Can't connect Genymotion over ADB
Ch 4z45: Issue 621 - android-apktool - Exception in thread 'main' - error while compiling - A tool for reverse engineering Android apk files - Google Project Hosting
Ch 4z46: Run shell commands from android program - Stack Overflow
Ch 4z47: Adware Android Apps Found in Google Play With Millions of Downloads (2-4-2015)
Ch 4z48: Connecting to the Network Android Developers
Ch 4z49: Android Network Connection Tutorial
Ch 4z50: java - Decompile .smali files on an APK
Ch 4z51: android - decompiling DEX into Java sourcecode
Ch 4z52: android cracking: example.smali
Ch 4z53: android cracking: example-structures.smali -- has HTTP GET
Ch 4z54: Android Reverse Engineering - A Kick Start
Ch 4z55: Want to break some Android apps? -- USEFUL FOR PROJECTS
Ch 4z56: Apache HttpClient - Tutorial (for Android)
Ch 4z57: Registers - smali - Information about registers in the smali format specifically, and dalvik bytecode in general
Ch 4z58: android.os.NetworkOnMainThreadException - Stack Overflow
Ch 4z59: ProGuard
Ch 4z60: How to Use ProGuard in Android Studio
Ch 4z61: Certificate and Public Key Pinning - OWASP
Ch 4z62: Intent Android Developers
Ch 4z63: Intents and Intent Filters Android Developers
Ch 4z64: android - launch sms application with an intent - Stack Overflow
Ch 4z65: Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More (from 2011)
Ch 4z66: NESSUS ANDROID APP - stores login info in plain text on SD card
Ch 4z67: Nessus app removed from Google Play
Ch 4z68: CVE-2012-2980: Samsung and HTC PIN Data Exposure in Log
Ch 4z69: Facebook SDK logs access token
Ch 4z70: CVE-2011-4872: HTC devices expose WiFi password to malicious apps
Ch 4z71: CVE-2010-4804: Android "content:" Scheme leaks contents of SD card
Ch 4z72: HTC IQRD Android Permission Leakage CVE-2012-2217
Ch 4z73: Where is usergroup id info stored on Android and how do I inerpret it?
Ch 4z74: Android Runtime has now replaced Dalvik

Ch 5a: Mobile Viruses (from 2011)
Ch 5b: F-Secure Mobile Threat Report Q1: 2014
Ch 5c: DroidDream Becomes Android Market Nightmare (from 2011)
Ch 5d: Google's Bouncer Malware Tool Hacked (2012)
Ch 5e: An Evaluation of the Application Verification Service in Android 4.2
Ch 5f: DroidDream Malware Found in Official Android Market
Ch 5g: Best Android Antivirus Apps 2015

Ch 6a: SOAP - Wikipedia
Ch 6b: JSON
Ch 6c: Learn REST: A Tutorial
Ch 6d: OWASP Top Ten (pdf)
Ch 6e: Top Ten Mobile Risks - OWASP
Ch 6f: Web Services Description Language - Wikipedia
Ch 6g: SoapUI - The Home of Functional Testing
Ch 6h: Secure Elements for NFC Payments by Phones
Ch 6i: 6 Things You Should Know About Fragment URLs
Ch 6j: Android Reflection

Ch 7a: Top 10 Enterprise Mobility Management Suites In Gartner*quot*s Magic Quadrant
Ch 7b: MDM Policy Edit
Ch 7c: Method Swizzling
Ch 7d: Arxan EnsureIT App Protections -- POSSIBLE PROJECT
Ch 7e: Arxan Report on Mobile App Security (Nov. 2014)
Ch 7f: State of Mobile App Security Infographic -- Most Apps Have Been Hacked (Nov. 2014)

Ch 8a: Microsoft Threat Modeling (1999)
Ch 8b: Trike Threat Modeling
Ch 8c: OCTAVE | Cyber Risk and Resilience Management | The CERT Division
Ch 8d: Threat modeling - Cigital
Ch 8e: Real World Threat Modeling Using the PASTA Methodology
Ch 8f: The Dangers of Square Bracket Notation
Ch 8g: ISO/IEC 7816 - Wikipedia
Ch 8h: ISO/IEC 14443 - Wikipedia
Ch 8i: MIFARE Hacks
Ch 8j: BART uses MIFARE Cards
Ch 8k: Anatomy of a Subway Hack
Ch 8l: New open-source app extracts passwords stored in Mac OS X keychain (from 2012)
Ch 8m: Apple iOS Security White Paper
Ch 8n: Encryption | Android Developers
Ch 8o: Google*quot*s *quot*encrypted-by-default*quot* Android is NOT encrypting by default (Mar. 2015)
Ch 8p: Certificate Pinning

Ch 9a: Isis Wallet mobile payment service changes its name to Softcard
Ch 9b: Apple Pay, Samsung Pay, Google Wallet, and more: A guide to mobile payment apps (Mar. 29, 2015)
Ch 9c: Missing the EMV Liability Shift Bears a Huge Cost
Ch 9d: Apple Pay - Wikipedia
Ch 9e: Samsung Pay vs. Google Wallet vs. Apple Pay: Drawing the Battle Lines (Mar., 2015)
Ch 9f: CNN Infographic comparing mobile payment options (Mar., 2015)
Ch 9g: Android Pay Is Real, And Will Give Developers The Reins As An API (Mar., 2015)
Ch 9h: CurrentC Is The Big Retailers\' Clunky Attempt To Kill Apple Pay And Credit Card Fees (Oct., 2014)
Ch 9i: Wocket wants to replace your wallet (April, 2015)
Ch 9j: CurrentC suffers pre-launch compromise (Oct. 2014)
Ch 9k: In-depth look at CurrentC and the personal data they want to collect (Oct., 2014)
Ch 9l: Square, Inc. - Wikipedia
Ch 9m: Universal Integrated Circuit Card - Wikipedia
Ch 9n: NFC payments now possible with microSD cards
Ch 9o: DeviceFidelity gets global Visa approval for CredenSE
Ch 9p: Kili acquires NFC microSD pioneer DeviceFidelity (Nov. 2014)
Ch 9q: Square buys mPOS developer Kili (Mar., 2015)
Ch 9r: GlobalPlatform
Ch 9s: Researcher hacks Google Wallet PIN on rooted Android phone (Feb., 2012)
Ch 9t: New Cloud-Based Google Wallet Still Vulnerable to Old PIN Hack (AUg., 2012)
Ch 9u: Square and Chip-and-PIN
Ch 9v: Square's Fees and Pricing
Ch 9u: Square vs. VeriFone: A Long Rivalry

Other Links

Kindle Hacking

USB Hacking

Baseband Hacking

Miscellaneous

New Links