ANDROID HACKING AND

PENETRATION TESTING COURSE

BY
JSINFOSEC
WWW. JSINFOSEC .COM

Course Description
Android Hacking and Penetration Testing course is a highly practical and hands on video course.
The course will focus on the tools and techniques for testing the Security of Android Mobile
applications. During the course, students will learn various topics such as Android architecture,
Android security model, Android Application Pentesting and Exploitation, Reversing Android
applications, static and dynamic analysis of android malware etc. After finishing this course you
will be able to perform Penetration testing on Android device and its applications

Who Should Take The Course?

The course does not require any prior knowledge or programming, the course is ideal for
Penetration Testers, Security Enthusiasts, Developers and Students who are interested in
Mobile Application Development and Penetration Testing.

Jsinfosec.com
 SYLABUSS

Module - 1 Introduction

1. Introduction to the course

2. About the Instructors
3. Course Instructions
4. Need for Mobile Security OWASP Top 10 Mobile Risks

Module - 2 Lab Setup for the Course

5. Lab Setup
6. Installing Ubuntu on VMware
7. Setting Up an Android Pentesting Environment on Ubuntu

Module - 3 Getting Familiar with Android Developer tools

8. Eclipse IDE
9. Android Debug Bridge (ADB)

Module - 4 Android Architecture and Security Model

10. A Brief Intro To Android

11. Android Booting Process
12. Androids Architecture
13. Androids Data Structures and File Systems
14. Android Applications
15. Android Security Model
16. Android Permissions
17. Google Bouncer

Jsinfosec.com
Module - 5 Interacting With Android Devices

18. Differences between Android Emulator and Android Device

19. Interacting with Android Device via USB
20. All About Rooting
21. SSH
22. VNC
23. Busy Box

Module - 6 Android Network Analysis

24. Setting Up A Proxy for Android Emulator

25. Setting Up A Proxy for Android Device
26. Installing CA Certificate
27. Real World Man in the middle (MITM)
28. Real World SSL Man in the middle (MITM) Attacks
29. Data Manipulation

Module - 7 Android Reversing and Malware Analysis

30. APK files in a Nutshell

31. Introduction to Reverse Engineering
32. Reversing to get Source code of the Application
33. Reversing With APK tool
34. Introduction To Android Malwares
35. Static Analysis vs. Dynamic Analysis
36. Dynamic Analysis of Android Malwares
37. Static Analysis of Android Malwares
38. Introduction To Android Tamer
39. Dynamic Analysis Of Android Malware with Droid Box

Module - 8 Android Application Pentesting and Exploitation

40. Installing JSinfosec Vulnerable Applications

41. Introduction To Android Application Pentesting
42. Fuzzing Android Applications with Burp - Proxy
43. Fuzzing Android Applications with Burp Intruder

Jsinfosec.com
 44. Attacking Authentication
45. Content Provider Leakage
46. Client Side Injection
47. Insecure Data Storage - Shared Preferences
48. Insecure Data Storage - SQLite Data bases
49. Unintended Data Leakage
50. Broken Cryptography
51. Automated Security Assessments with Drozer
52. Exploiting Android Devices Using Metasploit

Module - 9 Android Device and Data Security

53. Android Device Protection

54. Bypassing Android Locks
55. Android Data Extraction

Module - 10 Using Android as a Pentesting Platform

56. A Look into Commonly used Penetration testing & Hacking Android Applications
57. PWN Pad on Nexus 7
58. Kali Linux on Android

Module - 11 Conclusion And Road Ahead

59. Android Pentesting Check List

60. Android Security Practices
61. Course Summary And Revision
62. Conclusion

Jsinfosec.com
 Jsinfosec.com