This course will teach students the basics of mobile hacking and give real world examples on how such techniques can be used. It will also provide guidance on how to use the knowledge in security audits and bug bounty hunting.
Who is this course for?
Intermediate, some experience in cybersecurity.
Why take it NOW?
Mobile hacking is an important aspect of cybersecurity that can definitely boost your skills and career.
Why this course?
Nearly everyone uses a mobile device, so why not learn how to exploit them?
This course consists of multiple techniques that can be used to exploit mobile devices.
What skills will you gain?
- Java Basics
- Usage of emulators
- Creating a remote access trojan
- Auditing mobile applications
What tools will you use?
- Android Studio
- Burp Suite
Course general information:
DURATION: 3 hours
CPE POINTS: On completion you get a certificate granting you 3 CPE points.
Course launch date: March 6th, 2023
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- Android Studio
- Kali Linux
What should you know before you join?
- Minimal exposure to the concepts of programming
- Experience with virtual machines
- Linux and Windows terminal usage
- Troubleshooting skills
YOUR INSTRUCTOR - Aleksander Wojdyła
Experienced pentester that focuses his research on mobile and web applications. Treats IoT hacking as a hobby. Enjoys learning new concepts and sharing his knowledge.
Before the course
Basics of programming and Java, Kali Linux/Virtual machine usage.
Android and iOS
This module provides basic and in-depth information on how those operating systems work. It will provide a fundamental backbone for the other topics.
Module 1 covered topics:
- Android vs IOS
- Rooting and Jailbreaking
Module 1 exercises:
- It is mostly a theory module, therefore, the exercises will consist of some researching tasks.
Java Programming and Reverse Engineering
This module will outline the basics of programming for mobile devices, specifically focusing on Java and Smali. This module does not aim to teach students how to create an app from scratch, but how to read and modify vulnerable applications.
Module 2 covered topics:
- Programming Theory
- Java Basics
- Smali basics
- Reverse Engineering tools
- Using an emulator
Module 2 exercises:
The students will have some quiz-like exercises as well as practical skills to test knowledge. It will mostly require research, as this will be based on reverse-engineering an app and finding a flag.
Mobile Trojans and Traffic Interception
This module will teach students how to create a trojan for a mobile device using the Metasploit framework (msfvenom). Students will also learn how they can intercept traffic from an app to view the requests and identify possible vulnerabilities.
Module 3 covered topics:
- Creating a mobile trojan
- Obfuscation techniques
- Using Burp Suite
- SSL Pinning
Module 3 exercises:
- Creating a trojan
- Obfuscating it
- Intercept traffic from a mobile app and try to find a flag
Vulnerable Application Audit and Bug Bounty Introduction
This module will focus on exploitation of a vulnerable app to show the process of auditing one. It will also be an introduction to the topic of bug bounty.
Module 4 covered topics:
- Bypassing authentication using code
- Smali changes
- Usage of msfvenom
- How to spread malware
Module 4 exercises:
- Exploitation of an app/will be the final exam