Android Pentesting
by bug bounty
1. Weak Hashing & Encryption
2. iOS Security Model & Legacy Issue
2.1. Root Detection & Sandboxing
2.2. SSL Unpinning using Mallory
2.3. Disabling certificate validation
3. Weak Cryptography
3.1. Poor key management process
3.2. Use of custom encryption protocols
3.2.1. Copy Paste Caching / Clipboard Leaking
4. Unintended Data Leakage
4.1. Logcat / Logging
4.2. URL Caching (Both request and response)
4.3. GitHub
4.4. Keypress Caching & AutoCorrection Database
5. Reverse Engineering / Debugging
5.1. Unauthorized Code Modification
5.2. Insecure version of OS Installation Allowed
5.3. Code Obfuscation
6. Web-Based Exploitation
6.1. Abuse WebView
6.2. JavaScript-Enabled Functionality
7. apkcombo.com
8. Lab Setup
8.1. Rooted Device
8.2. Genymotion
8.3. Burp Suite
8.4. APKTool & Dex2Jar
8.5. Jadx-GUI
8.6. MobSF & Qark
8.7. Drozer
9. Application Installation
9.1. From PlayStore
9.2. ADB
10. Insecure Data Storage
10.1. Android Directory Structure
10.2. In SQLite Database
10.3. In shared_preference.xml
10.4. tmp directory
10.5. Source Code
10.6. Cache Directory
11. IPC / Components Exploitation
11.1. Exploit Exported Activity
11.2. Exploit Broadcast Receiver
11.3. Scheme
11.3.1. Custom Scheme
11.3.2. Universal Link
11.4. Exploit Content Provider
11.5. Misconfig Intent & Intent Filter
12. Runtime / Dynamic Analysis
12.1. Client/Server Side Attack
12.1.1. SQL Injection
12.1.2. Cross-site Scripting
12.1.3. Prediction Injection
12.1.4. XML Injection
12.2. Application Level DOS
12.3. Broken Authentication & Session Management
12.3.1. Session Termination after Password Reset
12.3.2. Expired Token can be reused
12.3.3. Authentication Bypass using Success Response
12.3.4. OAuth Flow & 2FA Bypass
12.3.5. Cleartext Transmission
12.4. Broken Access Control (BAC)
12.4.1. SSRF
12.4.2. Priv Escalation & IDOR
12.4.3. Unauthorized API Call