This course focuses on Android and iOS Mobile Application Penetration testing. The course will demonstrate common techniques to extract sensitive data from Android and iOS Application such as API Keys, stored secrets, and firebase databases, and provide a solid foundation for continuing a career as a Mobile Application Penetration Tester. This course will cover the common methodologies and practices you can utilize to start Bug Bounty hunting mobile applications.
Requirements:
The student should have:
A basic understanding of Web Application or API-based penetration testing
Some familiarity with Mobile Application platforms such as iOS and Android (like how to navigate to settings, install applications, etc.) is expected.
For the Android section of this course the following device requirements will apply:
Windows, Linux, or MacOS based machine
16 GB of RAM or more (to run virtual machines as well as emulated devices)
At least 250GB of available storage
For the iOS Section of this course the following device requirements will apply:
MacOS-based Machine (Macbook, Mac Mini, etc.), or Linux-Based physical machine with preferably with 16 GB of RAM as well as at least 250GB of available storage
Physical iPhone or iPad running iOS 16.x or less (for jailbreaking purposes)
What will I learn?
How to follow the Penetration Testing and Mobile Application Penetration Testing Processes
How to setup a lab environment to analyze both iOS and Android Mobile applications that are pulled directly from the Apple and Google Play Stores
Manual analysis of Mobile Applications for sensitive information such as URLs, Storage Buckets, Firebase Databases, and other Stored Secret
Automated analysis of Mobile Applications by using tools like MobSF
How to break SSL Pinning by using Objection and Frida for both iOS and Android
The OWASP Top Ten for Mobile
How to jailbreak an iOS device
