Are you an Android penetration tester looking to expand your skill set beyond the usual vulnerabilities and dive deep into the more advanced areas of Android security? This hands-on course is precisely for you.
It’s not just about examining exported activities and keystore access. This course delves into the intricacies of how Android applications communicate with each other. You’ll see firsthand how a malicious application can exploit misconfigurations in Intents, Content Providers, and other components to compromise or abuse target apps.
Using our Axolotl test application, created specifically for this course, you’ll practice building your own “attacker” application designed to exploit each discovered vulnerability. Real-life examples will help you connect the dots between theoretical knowledge and practical attacks frequently encountered in the wild. By the end, you’ll not only have honed your existing penetration testing expertise, but also gained the highly specialized insight needed to tackle loopholes in Android apps.
What this course covers:
- Intent Mechanics: Explore `getIntent()`, Browsable Intents, NFC tag exploits, and MIME-type hijacking.
- Unexported Content Providers: Abuse `grantUriPermissions` in ways typical testing overlooks.
- WebView Vulnerabilities: Understand JavaScript Bridge threats, file access tricks, and Cross-Origin policy flaws.
- Custom Permissions: Delve into custom permission structures for exploitation scenarios.
- Loading Custom DEX Files: Dynamically inject malicious code into target apps to bypass security measures.
If you already understand the foundations of Android penetration testing and want to push the limits by exploring additional vulnerabilities and attack surfaces, this course is your gateway to the cutting edge of Android security.
