Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jdonsec/AllThingsAndroid

A Collection of Android Pentest Learning Materials
https://github.com/jdonsec/AllThingsAndroid

Last synced: about 2 months ago
JSON representation

A Collection of Android Pentest Learning Materials

Awesome Lists containing this project

README 

        
# AllThingsAndroid

![Logo](/images/logo.png)



**This is a collection of writeups, cheatsheets, videos, related to Android Pentesting during my learning journey.**



This is currently work in progress I will add more resources as I find them.



### Created By [@jdonsec](https://twitter.com/jdonsec)



#### Learning Materials



- [**NAHAMSEC** - Mobile Hacking](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/mobile.md)

- [OWASP - Mobile Security Testing Guide](https://mobile-security.gitbook.io/mobile-security-testing-guide/)

- [**Deesee Blog** - Android Application Hacking Resources](https://blog.deesee.xyz/android/security/2020/01/13/android-application-hacking-resources.html)

- [**Maddie Stone** - Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)

- [Hacker101 - Mobile Hacking Crash Course](https://www.hacker101.com/sessions/mobile_crash_course.html)

- [MOBISEC -  Mobile Systems and Smartphone Security](https://mobisec.reyammer.io/)

- [**Kamil Vavra** - How to bypass Android certificate pinning and intercept SSL traffic](https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/)



### Learning Videos

- [**A must follow on medium Vickie Li** - An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0)

- [**Virseccon 2020** - B3nac Android Hacking VirSecCon2020 talk](https://www.youtube.com/watch?v=mr64si_-YwI)

- [Presenters: **Joff Thyer and Derek Banks** - Android App Penetration Testing 101](https://www.youtube.com/watch?v=2uwhrfXCl4I)

- [Speaker: **Nikita Stupin**, Mail.ru - Vulnerabilities of mobile OAuth 2.0](https://www.youtube.com/watch?v=vjCF_O6aZIg)

- [Bugcrowd **Ben Actis** LevelUp 2017 - Advanced Android Bug Bounty skills](https://www.youtube.com/watch?v=OLgmPxTHLuY)



### Vulnerable Applications



- [**B3nac** - InjuredAndroid - CTF](https://github.com/B3nac/InjuredAndroid)



#### Tools



- [**B3nac** - Youtube Channel](https://www.youtube.com/channel/UCeSBNDhEqcQSfeR8LEcD-NA/videos)

- [**Sensepost** - objection - Runtime Mobile Exploration](https://github.com/sensepost/objection)

- [MobSF - Mobile-Security-Framework-MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)

- [APK Downloader -APKPURE](https://apkpure.com/)

- [**Matlink** - gplaycli is a command line tool to search, install, update Android applications from the Google Play Store.](https://github.com/matlink/gplaycli)

- [ADB Shell - Commands](https://adbshell.com/commands/adb-install)



#### Writeups



- [**Negativewives** - A New Way Of Brute force Passcode/Pin Protection By deep link](https://negativewives.blogspot.com/2020/04/a-new-way-of-brute-force-passcodepin.html)

- [**Negativewives** - Exploitation of Improper Export of Activities In Android Application](https://negativewives.blogspot.com/2020/04/improper-export-of-activities-in.html)

- [**Negativewives** - Passcode Protection Bypass By Brute Forcing On zoho (Cliq Application)](https://negativewives.blogspot.com/2020/04/passcode-protection-bypass-by-brute.html)

- [**Ivan** - Tips for Mobile Bug Bounty Hunting](https://ivrodriguez.com/tips-for-mobile-bug-bounty-hunting/)

- [**Elliot Anderson** - Tweeter Mega Thread on Android Security](https://twitter.com/fs0c131y/status/1129680329994907648)



#### Hackerone Reports

-[**Avinash (dedsec69)** - IDOR leading to downloading of any attachment](https://hackerone.com/reports/668439)



#### Videos/POC