Course

Introduction to Android Authentication Architecture, Network communication, Cryptography. Reverse Engineering – Assets and resources, Application mapping with Manifest, Resources. Understanding vulnerabilities – Data Storage (logging sensitive data, insecure file management), Local databases (Encryption, Hashing), External Storage, Authentication (Validation and Authorization), Network API (SSL Certificates, HTTPS), Platform API, Exported Activities, Browsable/Custom Intents, Username enumeration, Broken Cryptography, Insecure Key Management. Traffic Analysis and interpretation. Reverse Engineering and Analyzing Native Libraries. Introduction and hands-on of tools for pentesting – frida, objection, runtime mobile security, MobSF, Adhirit, drozer, burpsuite etc, Identification and Analysis of Android Malware and Spyware. Penetration Test report writing.

1. Aditya Gupta, “Learning Pentesting for Android Devices”
2. Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse, “The Mobile Application Hacker’s Handbook”, ISBN: 978-1-118-95850-6, February 2015

• CO1: Understand how to perform dynamic analysis and application execution behavior(PSO4,PSO2)
• CO2: Understanding attack vectors and recent attacks on mobile platform (PSO2,PSO3)
• CO3: Learn to perform penetration testing on Android applications (PSO3,PSO4)
• CO4:Understanding packers and obfuscation techniques used in Malware/Spyware/Ransomware (PSO2, PSO4)