Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jdonsec/AllThingsAndroid
A Collection of Android Pentest Learning Materials
https://github.com/jdonsec/AllThingsAndroid
Last synced: 22 days ago
JSON representation
A Collection of Android Pentest Learning Materials
- Host: GitHub
- URL: https://github.com/jdonsec/AllThingsAndroid
- Owner: jdonsec
- License: mit
- Created: 2020-04-30T19:26:13.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-09-28T14:12:26.000Z (about 4 years ago)
- Last Synced: 2024-11-13T23:40:10.320Z (29 days ago)
- Homepage:
- Size: 132 KB
- Stars: 380
- Watchers: 28
- Forks: 100
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - jdonsec/AllThingsAndroid - A Collection of Android Pentest Learning Materials (Others)
README
# AllThingsAndroid
![Logo](/images/logo.png)**This is a collection of writeups, cheatsheets, videos, related to Android Pentesting during my learning journey.**
This is currently work in progress I will add more resources as I find them.
### Created By [@jdonsec](https://twitter.com/jdonsec)
#### Learning Materials
- [**NAHAMSEC** - Mobile Hacking](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/mobile.md)
- [OWASP - Mobile Security Testing Guide](https://mobile-security.gitbook.io/mobile-security-testing-guide/)
- [**Deesee Blog** - Android Application Hacking Resources](https://blog.deesee.xyz/android/security/2020/01/13/android-application-hacking-resources.html)
- [**Maddie Stone** - Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)
- [Hacker101 - Mobile Hacking Crash Course](https://www.hacker101.com/sessions/mobile_crash_course.html)
- [MOBISEC - Mobile Systems and Smartphone Security](https://mobisec.reyammer.io/)
- [**Kamil Vavra** - How to bypass Android certificate pinning and intercept SSL traffic](https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/)### Learning Videos
- [**A must follow on medium Vickie Li** - An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0)
- [**Virseccon 2020** - B3nac Android Hacking VirSecCon2020 talk](https://www.youtube.com/watch?v=mr64si_-YwI)
- [Presenters: **Joff Thyer and Derek Banks** - Android App Penetration Testing 101](https://www.youtube.com/watch?v=2uwhrfXCl4I)
- [Speaker: **Nikita Stupin**, Mail.ru - Vulnerabilities of mobile OAuth 2.0](https://www.youtube.com/watch?v=vjCF_O6aZIg)
- [Bugcrowd **Ben Actis** LevelUp 2017 - Advanced Android Bug Bounty skills](https://www.youtube.com/watch?v=OLgmPxTHLuY)### Vulnerable Applications
- [**B3nac** - InjuredAndroid - CTF](https://github.com/B3nac/InjuredAndroid)
#### Tools
- [**B3nac** - Youtube Channel](https://www.youtube.com/channel/UCeSBNDhEqcQSfeR8LEcD-NA/videos)
- [**Sensepost** - objection - Runtime Mobile Exploration](https://github.com/sensepost/objection)
- [MobSF - Mobile-Security-Framework-MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
- [APK Downloader -APKPURE](https://apkpure.com/)
- [**Matlink** - gplaycli is a command line tool to search, install, update Android applications from the Google Play Store.](https://github.com/matlink/gplaycli)
- [ADB Shell - Commands](https://adbshell.com/commands/adb-install)#### Writeups
- [**Negativewives** - A New Way Of Brute force Passcode/Pin Protection By deep link](https://negativewives.blogspot.com/2020/04/a-new-way-of-brute-force-passcodepin.html)
- [**Negativewives** - Exploitation of Improper Export of Activities In Android Application](https://negativewives.blogspot.com/2020/04/improper-export-of-activities-in.html)
- [**Negativewives** - Passcode Protection Bypass By Brute Forcing On zoho (Cliq Application)](https://negativewives.blogspot.com/2020/04/passcode-protection-bypass-by-brute.html)
- [**Ivan** - Tips for Mobile Bug Bounty Hunting](https://ivrodriguez.com/tips-for-mobile-bug-bounty-hunting/)
- [**Elliot Anderson** - Tweeter Mega Thread on Android Security](https://twitter.com/fs0c131y/status/1129680329994907648)#### Hackerone Reports
-[**Avinash (dedsec69)** - IDOR leading to downloading of any attachment](https://hackerone.com/reports/668439)#### Videos/POC