MOBILEAPP_PENTESTING_101
Category: Debugging/Bug
Development tool: Shell
File size: 0KB
Downloads: 0
Upload date: 2023-10-11 05:25:38
Uploader: sh-1993
Description: Mobile app pentesting 101 (MOBILEAPP PENTESTING 101)
File list:
ANDROID/ (0, 2023-10-16)
ANDROID/Android App 101/ (0, 2023-10-16)
ANDROID/Android App 101/Android Exploits 101.pdf (789436, 2023-10-16)
ANDROID/Android Exploitation/ (0, 2023-10-16)
ANDROID/CVE-2020-0096-StrandHogg/ (0, 2023-10-16)
ANDROID/OPEN_FIREBASE_EXPLOIT/ (0, 2023-10-16)
ANDROID/OPEN_FIREBASE_EXPLOIT/firebaseexploit.py (223, 2023-10-16)
ANDROID/SSL_CERT_INSTALLER_ANDROID7+/ (0, 2023-10-16)
ANDROID/SSL_CERT_INSTALLER_ANDROID7+/install.sh (451, 2023-10-16)
ANDROID/SSL_Pinning_Bypass/ (0, 2023-10-16)
Android - SSL-Pinning.pdf (954674, 2023-10-16)
PDF/ (0, 2023-10-16)
PDF/Android - SSL-Pinning.pdf (954674, 2023-10-16)
PDF/Mobile App Hackers Handbook.pdf (12541165, 2023-10-16)
PDF/Mobile-Security-Testing-Guide.pdf (25099974, 2023-10-16)
PDF/Mobile_Hacking_Android_cheatsheet_v0.1.pdf (323952, 2023-10-16)
PDF/Mobile_Hacking_iOS_cheatsheet_v0.1.pdf (287259, 2023-10-16)
PDF/iOS Application Security The Definitive Guide for Hackers and Developers.pdf (17092997, 2023-10-16)
PDF/iOS Hacking Guide.pdf (11151274, 2023-10-16)
PDF/pentest-report_smartsheriff-2.pdf (416497, 2023-10-16)
PDF/pentest-report_smartsheriff.pdf (1009530, 2023-10-16)
VulnerableApplications/ (0, 2023-10-16)
VulnerableApplications/app.apk (4770231, 2023-10-16)
VulnerableApplications/diva-beta.apk (1502294, 2023-10-16)
VulnerableApplications/periscope_1.25.5.93.apk (18368933, 2023-10-16)
VulnerableApplications/vulnwebview.apk (4770231, 2023-10-16)
# MOBILEAPP_PENTESTING_101
## EXPLOITS & LEARNING MATERIALS
### *Learning Materials*
- [Android Application Security Series by Aditya Agrawal](https://manifestsecurity.com/android-application-security/)
- [Tips for Mobile Bug Bounty Hunting](https://ivrodriguez.com/tips-for-mobile-bug-bounty-hunting/)
- [THE MOBILE APPLICATION HACKER'S HANDBOOK](https://github.com/mohammedshine/MOBILEAPP_PENTESTING_101/blob/master/PDF/Mobile%20App%20Hackers%20Handbook.pdf)
- [iOS Application Security: The Definitive Guide for Hackers and Developers]()
- [Awesome-android-security](https://github.com/saeidshirazi/awesome-android-security)
- [Cracking Damn Insecure and Vulnerable App (DIVA)](https://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable-apps-diva-part-1/#gref)
- [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13)
- [Twitter Thread by Baptiste Robert](https://twitter.com/fs0c131y/status/1129680329994907648)
- [ANDROID HACKING CHEATSHEET BY RANDORISEC](https://github.com/mohammedshine/MOBILEAPP_PENTESTING_101/blob/master/PDF/Mobile_Hacking_Android_cheatsheet_v0.1.pdf)
- [iOS HACKING CHEATSHEET BY RANDORISEC](https://github.com/mohammedshine/MOBILEAPP_PENTESTING_101/blob/master/PDF/Mobile_Hacking_iOS_cheatsheet_v0.1.pdf)
- [Damn Vulnerable iOS App solutions](http://highaltitudehacks.com/2015/04/03/damn-vulnerable-ios-app-solutions-free-for-download/)
- [HOW2HACK - GET STARTED HACKING MOBILE](https://www.hackerone.com/blog/How-to-Hack-Get-Started-Hacking-Mobile)
- [INTRODUCTION TO ANDROID HACKING BY @0XTEKNOGEEK](https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking)
- [Q&A WITH ANDROID HACKER BAGIPRO](https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro)
- [HACKER0x01](https://www.hacker101.com/sessions/mobile_crash_course.html)
- [Hacker101 - Mobile Hacking Crash Course](https://www.youtube.com/watch?v=hKF89TXttnw)
- https://www.youtube.com/watch?v=KxOGyuGq0Ts
- [Hacker101 - Android Quickstart](https://www.youtube.com/watch?v=y0O3sCX9ftM)
- [Mobile Pentesting with Frida](https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view?usp=drive_open)
- [Awesome POC](https://blog.securitybreached.org/2020/02/19/hacking-sms-api-service-provider-of-a-company-android-app-static-security-analysis-bug-bounty-poc/)
- https://github.com/riddhi-shree/nullCommunity/tree/master/Android
- [Frida.ppt](https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view?usp=drive_open)
- https://github.com/leonjza/frida-boot/blob/master/slides/frida-boot%20%F0%9F%91%A2.pdf
- [Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)
- [MSTG](https://mobile-security.gitbook.io/mobile-security-testing-guide/)
- [TESLA-POC](https://www.anquanke.com/post/id/218396)
- https://mobisec.reyammer.io/
- [Practical Mobile app Attacks by Example Workshop-A7](https://www.youtube.com/watch?v=8TaPmsaaQgY)
- [BruCON 0x08 – Smart Sheriff, Dumb Idea. – Abraham Aranguren & Fabian Fäßler](https://www.youtube.com/watch?v=AbGX67CuVBQ)
- [How to bypass Android certificate pinning and intercept SSL traffic](https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/)
- [An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0)
- [Android Hacking VirSecCon2020 talk](https://www.youtube.com/watch?v=mr64si_-YwI)
- [Android App Penetration Testing 101](https://www.youtube.com/watch?v=2uwhrfXCl4I)
- [Vulnerabilities of mobile OAuth 2.0 by Nikita Stupin](https://www.youtube.com/watch?v=vjCF_O6aZIg)
- [Advanced Android Bug Bounty skills - Ben Actis, Bugcrowd's LevelUp 2017](https://www.youtube.com/watch?v=OLgmPxTHLuY)
- [Introduction to Mobile Security Testing [PDF]](https://lnkd.in/g2TJxsH)
- [Mediafire_POC](https://bugbountypoc.com/mediafire-andriod-app-leaking-sensitive-user-data/)
- [Android Application Pentest Guide](https://lnkd.in/gyQbExg)
- https://www.youtube.com/watch?v=QxRy9sVUMQU
- [Mobile App Security Testing](https://lnkd.in/gwwpqfH)
- [Android Mobile Hacking Workshop slides [2020]](https://lnkd.in/gQF9HQe)
- [Cryptography in Mobile Apps](http://bit.do/cryp-PT)
- [List of Tools / Scanners / Labs](https://lnkd.in/gmQhQuN)
- [Vulnerable APKs for practice](https://lnkd.in/gzq-HUc)
- [Mobilepentesting and bughunting](https://youtu.be/B-Kce0rZYAs)
- [Android SSL Pinning Bypass for Bug Bounties & Penetration Testing](https://www.youtube.com/watch?v=ENyEcwLaz-A)
- [DeepLinks](https://hackerone.com/reports/855618)
- [Deeplinks1](https://dphoeniixx.medium.com/exploiting-request-forgery-on-mobile-applications-e1d196d187b3)
- [Android webview exploitation](http://www.nuckingfoob.me/android-webview-csp-iframe-sandbox-bypass/index.html)
- [Checklist](https://blog.softwaroid.com/2020/05/02/android-application-penetration-testing-bug-bounty-checklist/?preview=true&_thumbnail_id=101)
- [Farah Hawa-SAST](https://www.youtube.com/watch?v=a8Gh7d8GebA)
- [Android App Hacking Workshop](https://bughunters.google.com/learn/presentations/5783688075542528)
- [Strandhogg](https://www.youtube.com/watch?v=yI0Xh5Oc0x4)
- [android-security-awesome](https://github.com/ashishb/android-security-awesome)
# POC
- [Android Reports and Resources](https://github.com/B3nac/Android-Reports-and-Resources)
- [A New Way Of Brute force Passcode/Pin Protection By deep link](https://negativewives.blogspot.com/2020/04/a-new-way-of-brute-force-passcodepin.html)
- [Exploitation of Improper Export of Activities In Android Application](https://negativewives.blogspot.com/2020/04/improper-export-of-activities-in.html)
- [Passcode Protection Bypass By Brute Forcing On zoho](https://negativewives.blogspot.com/2020/04/passcode-protection-bypass-by-brute.html)
- [IDOR leading to downloading of any attachment](https://hackerone.com/reports/668439)
- [iOS 11.4 Siri Auth Bypass | CVE-2018-4238](https://blog.securitybreached.org/2018/05/22/ios-11-4-authentication-bug-siri-cve-2018-4238/)
- [Access-to-app-protected-components](https://blog.oversecured.com/Android-Access-to-app-protected-components/)
- [Jailbreak for iOS 15.0 - 15.4.1, A12 and up](https://ios.cfw.guide/installing-dopamine/)
- [Strandhogg](https://github.com/lucasnlm/strandhogg)
- [Rooting Pixel 5 and Bypassing Root Detection using Magisk](https://fury1337.notion.site/How-to-Root-Pixel-5-Bypass-Root-Detection-Safety-net-VA-PT_ISMS-b87fe53770fb49848f33b1dd3803129c)
# TOOLS
- [B3NAC](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/tools.md#mobile-hacking)
- [Sensepost](https://www.youtube.com/channel/UCeSBNDhEqcQSfeR8LEcD-NA/videos)
- [Objection](https://github.com/sensepost/objection)
- [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
- [GplayCLI](https://github.com/matlink/gplaycli)
- [ADB](https://adbshell.com/commands/adb-install)
- [HttpToolKit](https://httptoolkit.tech/)
- [reFlutter](https://github.com/Impact-I/reFlutter)
- [Magisk](https://github.com/topjohnwu/Magisk/releases)
- [Androset](https://github.com/Anof-cyber/Androset)
# CTF
- [InjuredAndroid - CTF](https://github.com/B3nac/InjuredAndroid)
- [CyberTruckChallenge19](https://github.com/nowsecure/cybertruckchallenge19)
- [Reverse Engineering](https://braincoke.fr/blog/2021/03/android-reverse-engineering-for-beginners-dexcalibur/#about-dexcalibur)
- [hpandro](https://ctf.hpandro.raviramesh.info/)