Permission exploitation using Insecure Content Provider

Permission exploitation using Insecure Content Provider

Preview unavailable

You must log in or sign up to view this lesson.

LoginSign up

Advanced Android and iOS Hands-on Exploitation

Buy nowLearn more

Introduction to the Class

  • Thanks for Joining2
  • How to get the most out of this training

Android Internals

  • Introduction to Android
  • Android Ecosystem and Research Opportunities
  • Building Blocks
  • Linux Kernel
  • HAL, ART and API1
  • Android Basics

Lab Setup

  • Setting up the Lab
  • Android Studio - Overview
  • Genymotion Introduction
  • Installing VM

Android: Interacting and Exploring

  • ADB: Introduction and Usage1
  • Package Manager
  • Android File System5

Deconstructing Android apps

  • Application Journey
  • Inside an APK
  • Reversing Android apps: Overview1
  • Sample Android App
  • AndroidManifest.xml
  • Decompiling using JADx
  • APKTool and Intro to Smali
  • Patching Android Binaries2

Exploiting Android Components

  • Android Apps Components
  • Introduction to Activities and Intents
  • Demo App using Activities and Intents1
  • Exploiting Activities1
  • How to find vulnerabilities
  • Unlocking Premium Components
  • Android Fragments Introduction
  • Exploiting Fragments
  • Exported Behavior of Android IPC Components

Intent Filters, Broadcasts Receivers and Deep Links

  • Intent-Filters1
  • Broadcast Receivers - Introduction
  • Exploiting a Dynamic Broadcast Receiver
  • Exploiting Intent Filters based vulnerabilities
  • Introduction to DeepLinks
  • Exploiting Deep Links6
  • Exploiting Deep Links - 22

Data Handling in Android applications

  • Data Storage - Introduction
  • What are Shared Preferences?
  • Assessing a Vault application
  • Decrypting sensitive data stored in Shared Preferences
  • Introduction to SQLite
  • Working with SQLite4
  • Introduction to Firebase
  • Identifying Firebase vulnerabilities
  • Introduction to Content Providers
  • Content Provider Security overview
  • Find and Query Content Providers
  • Introduction to Drozer
  • Exploiting Leaking Content Providers
  • Permission exploitation using Insecure Content Provider
  • Sniffing data in Broadcasts
  • introduction to External Data Storage
  • Analyzing Applock Vault app
  • Analyzing pin implementation1
  • Hex manipulation to safely store vault content

Network Security

  • Network Security approach
  • Network Security in Android
  • Introduction to Proxying
  • Setting up network proxy with Android device
  • Analyzing malware application traffic
  • Intercepting SSL traffic
  • Android Certificate/Key pinning
  • Bypassing SSL pinning using Binary modification
  • Android Webviews

Dynamic Process Instrumentation

  • Dynamic Instrumentation - What, Why and How
  • Frida 101
  • Frida setup for Android
  • Frida REPL and JS
  • Using Frida API
  • Frida + Python for app enumeration
  • Tracing instruction and method calls
  • Method Hooking
  • Accessing and Manipulating variables
  • Invoking functions
  • Method Overloading
  • Using Frida for SSL traffic analysis
  • Introduction to Objection1
  • Objection for app analysis
  • Native Library Analysis2
  • Debugging Native Libraries

iOS : Getting Started

  • Introduction to the iOS section
  • iOS outline
  • iOS - 1000 ft view
  • iOS Platform and Application security fundamentals
  • Jailbreaking

Interacting with iOS

  • Application Signing1
  • Lab Setup: iOS Device
  • Lab Setup: Host
  • Exploring iOS File System

Dev Foundations

  • Dev Foundations overview
  • Xcode Deep Dive
  • Obj-C Internals
  • Swift
  • Models, Views and Controllers
  • Delegates and Protocols1
  • Frameworks and Packages
  • Models Views and Controllers

iOS App Deep Dive

  • App Distribution
  • Dumping iOS apps
  • App Encryption
  • MachO binary
  • Information Property List
  • Frameworks and Assets
  • Intents and Application Extensions
  • Code Signing Deep Dive
  • Simulator

Data Handling in iOS apps

  • App Inspection: Data
  • Bundle
  • Data Storage Types
  • Data Protection API
  • Data Security Tools
  • Using Frida for File System tracing
  • User Defaults
  • Plist
  • Bypassing App Restricitons
  • Core Data
  • Cookies
  • Keychain
  • Keychain-II
  • Pasteboard
  • Cache
  • Memory

iOS Networking

  • Introduction to iOS Networking
  • Network traffic capture in iOS
  • Intercepting secure communication
  • Inspecting iOS Network Data
  • iOS webview
  • Remote Virtual Interfaces

iOS Binary Exploitation

  • Binary Inspection
  • Dissecting MachO
  • Classes and Methods
  • Reversing iOS Binaries for analysis
  • Binary Analysis using Ghidra for iOS
  • iOS Binary Patching
  • iOS App Repackaging

iOS Instrumentation and Debugging

  • Instrumentation & Debugging1
  • iOS Process Exploration
  • Object property modification
  • Tracing Program Execution - I
  • Tracing Program Execution - II
  • Manipulating runtime - Part I
  • Manipulating runtime - Part II
  • Intro to Debugging
  • ARM Calling Convention
  • Runtime Manipulation with Debugging - Part 1
  • Runtime Manipulation with Debugging - Part 2
  • Runtime Manipulation w: Instrumentation
  • Anti-Debugging Protection
  • THEOS : Introduction & Setup
  • Hooking into SpringBoard
  • Writing Theos Patches
  • Permanent security patches

Classroom Project

  • Classroom Project