
Android

Setup and Configuration

ADB (Android Debug Bridge)

ADB is a versatile command-line tool that allows you to communicate with a device. It is essential for various aspects of Android security testing.

Common ADB Commands:

adb devices # List connected devices
adb shell # Open a shell on the device
adb pull /sdcard/ # Pull files from the device
adb push <local> <remote> # Push files to the device
adb install <apk> # Install an APK on the device
adb uninstall <package> # Uninstall an APK from the device
adb logcat # View the system log
adb shell pm list packages # List installed packages
adb shell pm dump <package> # Dump the state of a package
adb shell am start -n <package>/<activity> # Start an activity
adb shell screencap /sdcard/screenshot.png # Capture a screenshot

Frida

Frida is a dynamic instrumentation toolkit used for reverse engineering and exploring the behavior of applications at runtime.

Common Frida Commands:

frida-ps -U # List processes on the USB-connected device
frida -U -p <pid> # Attach to a running process by PID
frida -U -f <package> -l <script.js> # Spawn the application and load a script into it
frida-trace -U -i '<function>' <package> # Trace calls to specific functions

Example hook script (script.js) that logs each call to a Java method and then passes the call through to the original implementation:

Java.perform(function () {
    // Resolve the class by its fully qualified name (must match the target APK)
    var MainActivity = Java.use('com.example.app.MainActivity');
    // Replace the method body; for overloaded methods select one with .overload(...) first
    MainActivity.someMethod.implementation = function () {
        console.log('someMethod called');
        // Call the original implementation with the same arguments and return its result
        return this.someMethod.apply(this, arguments);
    };
});

Dynamic Analysis

Dynamic Analysis Tools

  • Frida: Use Frida for real-time instrumentation and manipulation of app behavior.

  • Burp Suite: Utilize Burp Suite for intercepting and analyzing HTTP/HTTPS traffic.

Common Dynamic Analysis Techniques

  • Network Traffic Analysis: Inspect and manipulate network traffic to identify security issues such as sensitive data leakage.

  • Code Injection: Test for code injection vulnerabilities using Frida scripts or other tools.

  • Runtime Analysis: Observe app behavior and interactions during runtime to identify potential vulnerabilities.
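Sensitive data ending up in the system log is one of the leakage findings the network-traffic and runtime analysis above is looking for, and `adb logcat` is where it shows up. The following scanner is an added example, not code from the original page: it parses threadtime-format logcat lines and flags credential, token, e-mail and card-number patterns, with a Luhn check to cut false positives on digit runs. The sample log, the log tags and the detection regexes are all constructed for illustration.

```python
"""Scan `adb logcat` output for secrets written to the system log.

Added example, not from the original page: data leaking into logcat is a
classic insecure-data-storage finding, since any user with adb access (and,
on old Android versions, any app holding READ_LOGS) can read it.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample of `adb logcat` output; not captured from a real device.
SAMPLE_LOGCAT = """\
04-11 10:21:03.114  4211  4211 D LoginActivity: user entered username=alice@example.com
04-11 10:21:03.120  4211  4211 D LoginActivity: password=Sup3rSecret!
04-11 10:21:04.002  4211  4240 I OkHttp: --> POST https://api.example.com/v1/login
04-11 10:21:04.003  4211  4240 I OkHttp: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.abc123
04-11 10:21:04.310  4211  4240 I OkHttp: <-- 200 OK
04-11 10:21:05.000  4211  4211 D PaymentFragment: card=4111111111111111 exp=12/27
04-11 10:21:06.000  4211  4211 V Lifecycle: onResume MainActivity
"""

# Threadtime logcat format: date time PID TID level tag: message
LOGCAT_LINE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]+):\s*(?P<msg>.*)$"
)

# Detectors: a named group `v` isolates the secret; otherwise the whole match is it.
PATTERNS = [
    ("password", re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd|secret|api[_-]?key)\s*[=:]\s*(?P<v>\S+)")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+(?P<v>[A-Za-z0-9._~+/-]+=*)")),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")),
    ("email", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    ("card", re.compile(r"\b(?:\d[ -]?){13,16}\b")),  # confirmed with Luhn below
]


def parse_logcat_line(line: str) -> Optional[Dict[str, str]]:
    """Split one threadtime-format logcat line into its fields, or None."""
    m = LOGCAT_LINE.match(line)
    return m.groupdict() if m else None


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to drop 13-16 digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(value: str, keep: int = 4) -> str:
    """Keep a short prefix so a finding is triageable without re-logging the secret."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def scan_logcat(text: str) -> List[Dict[str, object]]:
    """Return one finding per (line, detector) for every secret-looking value."""
    findings: List[Dict[str, object]] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = parse_logcat_line(raw)
        if fields is None:
            continue
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(fields["msg"]):
                value = m.group("v") if "v" in m.groupdict() else m.group(0)
                if kind == "card":
                    value = re.sub(r"\D", "", value)
                    if not luhn_valid(value):
                        continue
                findings.append({"line": line_no, "tag": fields["tag"],
                                 "level": fields["level"], "kind": kind,
                                 "value": redact(value)})
    return findings


def summarize_by_tag(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per log tag; the tag points at the leaking component."""
    return dict(Counter(str(f["tag"]) for f in findings))


if __name__ == "__main__":
    results = scan_logcat(SAMPLE_LOGCAT)
    for f in results:
        print(f"line {f['line']:>3} [{f['level']}] {f['tag']}: {f['kind']} -> {f['value']}")
    print(summarize_by_tag(results))
```

On a real device, pipe `adb logcat -v threadtime` into the script instead of the embedded sample; the per-tag summary tells you which class to report, and redaction keeps the secret out of your own notes.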

Vulnerabilities Covered by MobSF

MobSF (Mobile Security Framework) provides automated analysis for various vulnerabilities:

  • Insecure Data Storage: Detection of sensitive data stored insecurely on the device.

  • Insecure Communication: Identification of unencrypted or poorly encrypted network traffic.

  • Insecure Code: Analysis of code for insecure coding practices and vulnerabilities.

  • Improper Platform Usage: Detection of misuse of platform features or permissions.

  • Code Injection: Identification of potential code injection points.
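The "improper platform usage" class above is mostly manifest misconfiguration, which is why an automated scanner can catch it. The checker below is an added example and is not MobSF's own code: it reimplements a few of the manifest checks such a scanner reports (debuggable builds, backup allowed, cleartext traffic, exported components without a permission) on two constructed manifests, one weak and one with the settings corrected, so the findings can be compared side by side. Package names, component names and the authority string are made up.

```python
"""Static checks on AndroidManifest.xml for "improper platform usage" findings.

Added example, not MobSF's own code: a handful of the manifest checks an
automated scanner reports, run on constructed manifests (not a real app).
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
LAUNCHER_ACTION = "android.intent.action.MAIN"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def android(attr: str) -> str:
    """ElementTree's qualified form of an android:<attr> attribute."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Constructed manifest with several weak settings; allowBackup is left unset on purpose.
WEAK_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <provider android:name=".DataProvider" android:authorities="com.example.app.provider" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.app.SYNC"/>
  </application>
</manifest>
"""

# The same app with the weak settings corrected.
HARDENED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:debuggable="false" android:allowBackup="false" android:usesCleartextTraffic="false">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <provider android:name=".DataProvider" android:authorities="com.example.app.provider" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.app.SYNC"/>
  </application>
</manifest>
"""


def _is_launcher(component: ET.Element) -> bool:
    """The launcher activity has to be exported, so it is not a finding."""
    for f in component.findall("intent-filter"):
        actions = {e.get(android("name")) for e in f.findall("action")}
        categories = {e.get(android("name")) for e in f.findall("category")}
        if LAUNCHER_ACTION in actions and LAUNCHER_CATEGORY in categories:
            return True
    return False


def _is_exported(component: ET.Element) -> bool:
    exported = component.get(android("exported"))
    if exported is not None:
        return exported == "true"
    # Before targetSdk 31, a component with an intent-filter was exported by default.
    return component.find("intent-filter") is not None


def check_manifest(xml_text: str) -> List[Dict[str, str]]:
    """Return a list of findings; an empty list means none of these checks fired."""
    app = ET.fromstring(xml_text).find("application")
    findings: List[Dict[str, str]] = []
    if app is None:
        return findings
    if app.get(android("debuggable")) == "true":
        findings.append({"severity": "high", "check": "debuggable",
                         "detail": "debuggable=true: anyone with adb can attach a debugger and read app data"})
    if app.get(android("allowBackup")) != "false":
        findings.append({"severity": "medium", "check": "allow_backup",
                         "detail": "allowBackup not set to false (defaults to true): app data can be pulled with adb backup"})
    if app.get(android("usesCleartextTraffic")) == "true":
        findings.append({"severity": "medium", "check": "cleartext_traffic",
                         "detail": "usesCleartextTraffic=true: plain HTTP is permitted"})
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = comp.get(android("name"), "?")
        if _is_exported(comp) and not _is_launcher(comp) and comp.get(android("permission")) is None:
            findings.append({"severity": "medium", "check": "exported_component", "component": name,
                             "detail": f"{comp.tag} {name} is exported without a permission"})
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(label, check_manifest(xml_text))
```

To run it against a real APK, decode the binary manifest first (for example with apktool) and pass the resulting XML text to `check_manifest`; the exported-component check deliberately skips components that declare an `android:permission`, as `.SyncService` does above, since those are the intended fix rather than a finding.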

Android Red Teaming

Android Red Teaming involves simulating real-world attacks to test the security posture of Android applications and devices.

Techniques and Tools

  • Exploitation of Vulnerabilities: Use identified vulnerabilities to gain unauthorized access or control.

  • Social Engineering: Employ social engineering techniques to trick users into revealing sensitive information or installing malicious apps.

  • Persistence Mechanisms: Analyze and test for persistence mechanisms to maintain access to the device.

  • Privilege Escalation: Identify and exploit weaknesses to escalate privileges on the device.

  • Root/Jailbreak Detection: Test for the app’s ability to detect and respond to rooted or jailbroken devices.


Last updated 9 months ago