Tricks - Mobile Penetration Tester (Android and iOS)

[x] In construction...

Tricks Pentest Mobile - Android [Topics]

• Basic Apps Android

  • Android Architecture
  • Configuring Emulated Environment
  • Communication with ADB (Android Debug Mode)
  • Extract and Install apk

• Reverse Engineering Android

  • Sign the app
  • Install .aab
  • Smali Assembler and Disassembler
  • Dex to Java Decompiler
  • Reverse Engineering React Native in Bundle
  • Dump Information About an Object File - Lib

• Intercepting Traffic in Android Apps

  • Configuring Proxy
  • Adding Certificate to User
  • Adding Certificate to the System
  • Intercepting Mobile Apps in Flutter

• Magisk Tricks

  • Root AVD with Magisk - Emulated Environment
  • Plugins to automate recurring actions

• Hooking with Frida and Objection on Android

  • Install and Configure Frida and Objection
  • Frida Tricks
  • Objection Tricks
  • Frida Scripts for Enumeration

• Client-Side Protections - Android

  • Anti-Root Bypass
  • Anti-Emulator Bypass
  • SSL Pinning Bypass
  • End-to-End Encryption Bypass
  • Anti-Debugging Bypass
  • Anti-Frida Bypass
  • Flag Secure Bypass

• Access Control Android

  • Activity Exploitation
  • Content Provider Exploitation
  • Android Debug Mode Enabled
  • Crack Android Pattern Lock

• Insecure Data Storage Android

  • SQLite Databases
  • Shared Preferences
  • Internal Storage
  • External Storage
  • Backups for Sensitive Data
  • Dumping memory for Sensitive Data
  • Keystore

Tricks Pentest Mobile - iOS [Topics]

• Basic Apps iOS

  • iOS Architecture
  • Extracting a Decrypted .ipa from a Jailbroken Device
  • Install/Uninsttall an ipa

• Reverse Engineering iOS

  • Signing and Installing a Third-Party iOS Application - Require MacOS
  • Assembler and Disassembler
  • Dumping Class Information in Objective-C
  • Using swift-demangle

• Intercepting Traffic in iOS Apps

  • Configuring Proxy
  • Adding Certificate to User
  • Adding Certificate to System

• Jailbreak Information

  • Jailbreak Types (Untethered, Semi-Untethered, Semi-Tethered, Tethered)
  • Jailbreak Methods (Rootful, Rootless)
  • Communicating with your Jailbroken Device

• Hooking with Frida and Objection on iOS

  • Install and Configure Frida and Objection
  • Frida Tricks
  • Patching .ipa - Objection (non Jailbroken) - Require MacOS
  • Objection Tricks
  • Frida Scripts for Enumeration

• Client-Side Protections - iOS

  • Anti-Jailbreak Bypass
  • Anti-Emulator Bypass
  • SSL Pinning Bypass
  • Anti-Frida Bypass
  • End-to-End Encryption Bypass

• Insecure Data Storage - iOS

  • NSUserDefaults/UserDefaults
  • PList Files
  • SQLite
  • Core Data
  • Dumping Memory for Sensitive Data
  • Keychain
  • Backup
  • Realm
  • Cache

Tricks Pentest Mobile General- [Topics]

• Creating Scripts in Frida
  • Hook and Java Reflection
  • Structure for Creating the Script in Frida
  • Hands-On Scripts
• Misconfigured Google Maps API Key Hardcoded
• Facilitating Tools
  • Mobile Security Framework (MobSF) [Android/iOS]
  • scrcpy - screen copy [Android]
  • 3uTools - Useful Apple Mobile Device Management Tool [iOS]
  • Frida iOS hook - Tool to help Frida more easily
  • Grapefruit - iOS runtime application instrumentation tool based on frida
  • Runtime Mobile Security (RMS) - developed by FRIDA, it is a web interface that helps manipulate Android and iOS applications at runtime
  • Quick Android Review Kit [Android] - for searching for vulnerabilities in apps, capable of generating PoC's through the creation of deployable APKs and/or ADB commands for exploitation
  • Pithus - Mobile threat intelligence for the masses [Android/iOS]
  • libimobiledevice - "A cross-platform FOSS library written in C to communicate with iOS devices natively" [iOS]
• TLS and mTLS
• Open Source Projects for Protection in Mobile Apps
• Hands-on Labs
  • InsecureBankv2 [Android]
  • Damn Vulnerable Bank [Android]
  • goatdroid.apk [Android]
  • OVAA (Oversecured Vulnerable Android App) [Android]
  • EVABS (Extremely Vulnerable Android Labs) [Android]
  • Insecureshop [Android]
  • Allsafe [Android]
  • DVIA-v2 [iOS]
  • DVIA [iOS]
  • OWASP iGoat (Swift) [iOS]
  • Oversecured Vulnerable iOS App [iOS]
  • UnSAFE Bank [Android/iOS]