Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/jdonsec/AllThingsAndroid

A Collection of Android Pentest Learning Materials

Last synced: 22 days ago


# AllThingsAndroid
![Logo](/images/logo.png)

**This is a collection of writeups, cheatsheets, and videos related to Android pentesting, gathered during my learning journey.**

This is currently a work in progress; I will add more resources as I find them.

### Created By [@jdonsec](https://twitter.com/jdonsec)

#### Learning Materials

- [**NAHAMSEC** - Mobile Hacking](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/mobile.md)
- [OWASP - Mobile Security Testing Guide](https://mobile-security.gitbook.io/mobile-security-testing-guide/)
- [**Deesee Blog** - Android Application Hacking Resources](https://blog.deesee.xyz/android/security/2020/01/13/android-application-hacking-resources.html)
- [**Maddie Stone** - Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)
- [Hacker101 - Mobile Hacking Crash Course](https://www.hacker101.com/sessions/mobile_crash_course.html)
- [MOBISEC - Mobile Systems and Smartphone Security](https://mobisec.reyammer.io/)
- [**Kamil Vavra** - How to bypass Android certificate pinning and intercept SSL traffic](https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/)

### Learning Videos
- [**A must-follow on Medium, Vickie Li** - An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0)
- [**Virseccon 2020** - B3nac Android Hacking VirSecCon2020 talk](https://www.youtube.com/watch?v=mr64si_-YwI)
- [Presenters: **Joff Thyer and Derek Banks** - Android App Penetration Testing 101](https://www.youtube.com/watch?v=2uwhrfXCl4I)
- [Speaker: **Nikita Stupin**, Mail.ru - Vulnerabilities of mobile OAuth 2.0](https://www.youtube.com/watch?v=vjCF_O6aZIg)
- [Bugcrowd **Ben Actis** LevelUp 2017 - Advanced Android Bug Bounty skills](https://www.youtube.com/watch?v=OLgmPxTHLuY)

### Vulnerable Applications

- [**B3nac** - InjuredAndroid - CTF](https://github.com/B3nac/InjuredAndroid)

#### Tools

- [**B3nac** - YouTube Channel](https://www.youtube.com/channel/UCeSBNDhEqcQSfeR8LEcD-NA/videos)
- [**Sensepost** - objection - Runtime Mobile Exploration](https://github.com/sensepost/objection)
- [MobSF - Mobile-Security-Framework-MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
- [APK Downloader - APKPURE](https://apkpure.com/)
- [**Matlink** - gplaycli is a command line tool to search, install, update Android applications from the Google Play Store.](https://github.com/matlink/gplaycli)
- [ADB Shell - Commands](https://adbshell.com/commands/adb-install)

#### Writeups

- [**Negativewives** - A New Way Of Brute force Passcode/Pin Protection By deep link](https://negativewives.blogspot.com/2020/04/a-new-way-of-brute-force-passcodepin.html)
- [**Negativewives** - Exploitation of Improper Export of Activities In Android Application](https://negativewives.blogspot.com/2020/04/improper-export-of-activities-in.html)
- [**Negativewives** - Passcode Protection Bypass By Brute Forcing On zoho (Cliq Application)](https://negativewives.blogspot.com/2020/04/passcode-protection-bypass-by-brute.html)
- [**Ivan** - Tips for Mobile Bug Bounty Hunting](https://ivrodriguez.com/tips-for-mobile-bug-bounty-hunting/)
- [**Elliot Anderson** - Twitter Mega Thread on Android Security](https://twitter.com/fs0c131y/status/1129680329994907648)

#### HackerOne Reports

- [**Avinash (dedsec69)** - IDOR leading to downloading of any attachment](https://hackerone.com/reports/668439)

#### Videos/POC