
DCAP Android App Pentesting Syllabus

The document outlines a comprehensive Android Pentesting course offered by Defronix Academy, covering essential topics such as Java programming, app structure, reverse engineering, and various hacking techniques. It emphasizes ethical hacking practices and includes hands-on challenges to enhance practical skills. The course is aimed at security analysts, ethical hackers, and Android developers, with a duration of approximately 2.5 months.

Uploaded by

shortsisreels954

MOBILE APPLICATION

PENTESTING/HACKING
Be the Android Pentester That Industry Needs,
Uncover the vulnerabilities in Android Apps.

DCAP
Defronix Certified Android Pentester

BY DEFRONIX CYBERSECURITY PVT. LTD.


Defronix Academy
DEFRONIX ACADEMY 100%

ANDROID HACKING/ PENTESTING COURSE – SYLLABUS DETAILS


OVERVIEW BY DEFRONIX CYBERSECURITY PVT. LTD.

CYBER SECURITY COMPANY


Hindi

This course is for educational purposes only. If any student uses these techniques
illegally or tries to harm anyone, Defronix is not responsible for such malicious
activities. Please do not test any organization or application for which you are not
authorized. If you want to test an application, first get permission for it, and
only then test it.

In this training you will learn absolutely everything about Android application hacking.
This course teaches you the ethical principles and enables you to become the top
expert of your company regarding application security. We learn complex attacks in
the easiest way possible, by hacking a mobile application.

Section - I Java Programming Basic

In this section, we will learn the basics of the Java programming language. Attempting
Android app hacking without knowledge of a programming language sets limits on
yourself. In this course we will learn how to reverse engineer an application, and to
do so we need basic knowledge of the Java programming language. After learning this,
you can increase your pentesting skills in the area of Android application security.

1. Introduction to Java programming
2. Data Types
3. Variables
4. Class, Objects & interface
5. Logic & Loop
6. Methods/ Functions
7. Packages
8. Strings
9. Array
10. Error handling

Section - II Installation and Setup

In the installation section, we will analyse different smartphone setups, their strengths,
and their weaknesses. We unlock our device and use certain features to start hacking
our first apps. We will learn how to analyse Bluetooth Low Energy connections and get
familiar with the Android Debug Bridge (ADB).


1. Installation of Linux Machine
2. Installation of Android Studio
3. Installation and usage of Emulator
4. Installation of x86 Virtual Machine
5. Developer Options
6. First Game Hacking (Developer Options)
7. Bluetooth low energy Hacking
8. Hands on Android Debug Bridge (ADB)

Section - III Android App Structure

In this section, we move on to the Android app structure. Here we gain a rock-solid
understanding of the key components of an Android application. We will analyze
the AndroidManifest.xml file and learn how to exploit activities, broadcast receivers and
content providers. We will write our own small application to exploit SQL injection and
path traversal vulnerabilities.

1. File Structure of APK file
2. Introduction to Dalvik/ Dex
3. Decompiling – Apk file Hands on
4. Detailed explanation – AndroidManifest.xml
5. Detailed explanation – Android App Permissions
6. Activities Hacking
7. Intents
8. Broadcast Receiver Hacking
9. Detailed explanation – Services
10. Content Provider Hacking
11. Application Signing Process

Section - IV Reverse Engineering

In this section, we take a deep dive into reverse engineering. We will learn how to
decompile an android application and reconstruct the Java code. We will have a look
at different decompilers and create flow and call graphs to deal with highly obfuscated
applications. Finally, a nice application is waiting for us to practice all the things we
have learned so far.


Section - V Smali

Then we have the treasure of this course, the SMALI chapter. SMALI is like an
assembly language of an android application and gives us unlimited power in hacking
them. We practice our skills by modifying our mobile applications.

Section - VI Man in the Middle

In the man-in-the-middle section, we will learn how to analyse the network traffic of
a mobile app. We will gain an understanding of HTTPS and how to analyse these
connections. We will learn how certificate pinning works and bypass several different
types of it.


Section - VII FRIDA

The last thing that is missing is FRIDA, which is an amazing framework to perform
runtime manipulations within an application. We will hook numerous methods in an
application. We will learn how to scan the memory for certain instances and how to
interact with the UI thread of an application. We will create new objects and practice
all of this by writing our own trainer for an application. We will analyse a native C
function with Ghidra and then manipulate and modify it with FRIDA.

Section - VIII OWASP Mobile Top 10

In this section, we are going to discuss the OWASP Mobile Top 10 vulnerabilities and
give some brief information about each of them. What we have learned up to this point
is enough for any beginner to intermediate security researcher, but without knowledge
of these vulnerabilities we are not able to identify which types of vulnerabilities
exist in applications.

Section - IX CTF Challenges

CTF Challenge – 01 Damn – Vulnerable Bank OWASP Top 10

CTF Challenge – 02 InsecureShop OWASP Top 10

CTF Challenge – 03 AndroGoat

CTF Challenge – 04 CrackMe Reverse Engineer Challenges

Live Challenge – 05 Live Bug Bounty Programme from BugCrowd

Live Challenge – 06 Student level Test on Live Programme

After getting through all these chapters you will be the top expert in Android
application security of your company. So, what are you waiting for? :)

Who this course is for

• Security Analyst / Ethical Hacker
• Students & Working Professionals
• Android App Developer Who Wants To Develop A Secure App
• Bug Bounty Hunter / Aspiring Android App Pentester
• Everyone who likes to manipulate Android Apps


Course Duration:

The course may run for a maximum of 2.5 months, to explore everything that we need
to learn to become a good security analyst. Class timings will be announced in the
WhatsApp group. One more important point: seats are limited for this course, because
we want to focus on every student.

For any query/questions you can contact us:


Call/WhatsApp: +91 9065570748,
Email: [email protected]


Thank You | Team Defronix
