Autoplay
Autocomplete
Dark Mode
Speed
Previous Lesson
Complete and Continue
Mobile Application Penetration Testing
Introduction and Course Resources
Course Introduction (7:25)
Course Resources (6:52)
Mobile Pentesting Certification Landscape (4:37)
Device Requirements (4:10)
Course Discord (2:04)
Penetration Testing Process
The Penetration Testing Process (8:16)
The Mobile Application Penetration Testing Process (20:26)
Android Intro and Security Architecture
Android Security Architecture (22:05)
Application Security and Signing Process (5:52)
Android Lab Setup
Windows - JADX-GUI (1:49)
Windows - adb Install (2:53)
Windows - apktool install (4:09)
Windows - Android Studio Install (1:55)
Kali Linux - PimpMyKali (Easy Mode) (3:59)
Kali Linux - adb Install (0:20)
Kali Linux - apktool Install (1:12)
Kali Linux - JADX-GUI Install (2:34)
Kali Linux - Android Studio Install (4:22)
Mac - Brew (1:16)
Mac - JADX-GUI (0:45)
Mac - apktool (0:47)
Mac - Android Studio (6:03)
Emulator Setup & Recommendations (All Platforms) (10:38)
Accessing ADB Shell from a VM/Networked Device (4:39)
Additional Emulator Options Android (Optional) (2:33)
Physical Device Setup (Optional) (4:50)
Common Issue: No Extended Controls (1:45)
Android Static Analysis
Pulling an APK From the Google Play Store (5:37)
Intro to Injured Android (3:14)
Android Manifest.xml (9:26)
Manual Static Analysis (9:50)
How to Find Hardcoded Strings (11:53)
Injured Android Static Analysis (Flags 1-4) (11:59)
Enumerating AWS Storage Buckets via Static Analysis (9:05)
Enumerating Firebase Databases via Static Analysis (7:25)
Automated Analysis using MobSF (20:53)
Android Dynamic Analysis
Intro to SSL Pinning/Dynamic Analysis (9:13)
Dynamic Analysis using MobSF (16:07)
Burp Suite Install and Overview (7:39)
Burp Suite Setup/Intercept (8:08)
Proxyman Install & Usage (12:41)
Patching Applications Automatically using Objection (7:47)
Patching Applications Manually (16:05)
Dynamic Analysis - Final Notes and Vectors (6:10)
The Frida Codeshare (2:32)
Using Frida Codeshare & Startup Scripts (2:51)
Common Issue: Can't Decode Resources (1:24)
Android Bug Bounty Hunt
Bounty Hunt 1 - Joann Fabrics (34:01)
Bounty Hunt 2 - Zaxby's (17:30)
BONUS - Android Red Teaming
In-Line Attacks (4:16)
Creating a Generic APK with Metasploit Shell (7:33)
Injecting Play Store App with Metasploit Shell (10:39)
The Ghost Framework (5:07)
iOS Introduction and Architecture
Intro to iOS (10:35)
iOS Lab Setup
xCode Setup/Install (3:19)
Using xCode (7:23)
Developer License Setup (3:53)
AnyTrans (Pull IPA from App Store) (4:59)
IPATool (Pull IPA from App Store - Updated) (5:48)
Additional Emulator Options iOS (Optional) (2:35)
iOS Static Analysis
Manual Static Analysis (7:13)
Automated Analysis with MobSF (10:48)
iOS Dynamic Analysis/Jailbreaking
Burp Suite Setup & Usage (4:56)
Proxyman - iOS (6:24)
SSL Pinning iOS (1:55)
Using Objection for iOS (9:35)
Jailbreaking (8:08)
Burp Mobile Assistant (Optional) (5:44)
SSL Killswitch (9:22)
Jailbreaking iOS 15.x-16.x (8:26)
SSL Killswitch iOS 15.x-16.x (3:06)
Traffic Interception iOS 15.x-16.x (3:06)
iOS Bug Bounty Hunt
Bug Bounty Hunt 1 - Nike App (18:03)
Bug Bounty Hunt 2 - Kohl's (11:57)
IPATool (Pull IPA from App Store - Updated)
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock