Pentest Android Applications Junior - 2 days
Android is one of the most popular mobile operating systems on the market and on which many applications are developed. This ecosystem defines standards for implementation, communication, storage and security mechanisms that are specific to it and that developers must respect.
During this two-day training, participants will discover the specificities of implementing Android applications and will study the methodologies and techniques used to analyze them.
2 days ( 14 hours )
2 course modules
9 Android applications with hands-on exercises
Public and prerequisites
This training is suitable for people with notions of offensive security but no prior experience in auditing Android applications. It is mainly aimed at pentesters and Android developers.
Notions of offensive security and network and Unix knowledge are recommended.
Fundamentals: operation of an application and the Android ecosystem ( services, intents, keystore, APK format, cache file, shared prefs, backup mechanism ). Static analysis: analysis of permissions and interactions with the system and other applications, presentation of analysis tools and explanation of common artifacts giving information about the activities of an application.
Dynamic analysis: architecture of an application at runtime, mechanism for interception and instrumentation of Java code, presentation of Frida and Objection to automate classic workarounds or obtain information. Practical cases: hands-on exercises on Android applications.