Wanna learn some cool hacking shit?

I’ve started making training courses.

Advanced Android Hacking

Learn the current record holder for “most amount of bugs” used in a Pwn2Own chain

Mobile Hacking Lab link: https://www.mobilehackinglab.com/course/advanced-android-hacking

Description

In this course you’ll see the mindset, techniques, and strategies behind turning small flaws into full mobile device compromises.

You will then practice those exact steps on interactive mobile devices and specially created labs that recreates the longest Pwn2Own bug chain.

Key takeaways:

  • Exploit Chaining: Learn how to find logic bugs that can compromise a device

  • Exploitation: Build remote exploits by chaining multiple vulnerabilities

  • Device Compromise: Learn to compromise devices remotely

If you already understand how to trace functions and hook methods and want to experience what it is like to chain multiple findings together, this course is for you!

Pentesting Exploits Noted In Smartphones (Android Edition)

Learn some Android hacking techniques used in CVE exploits and hacking competitions

Course is currently unavailable for now…

Description

Are you an Android penetration tester looking to expand your skill set beyond the usual vulnerabilities and dive deep into the more advanced areas of Android security? This hands-on course is precisely for you.

It’s not just about examining exported activities and keystore access. This course delves into the intricacies of how Android applications communicate with each other. You’ll see firsthand how a malicious application can exploit misconfigurations in Intents, Content Providers, and other components to compromise or abuse target apps.

Using our Axolotl test application, created specifically for this course, you’ll practice building your own “attacker” application designed to exploit each discovered vulnerability. Real-life examples will help you connect the dots between theoretical knowledge and practical attacks frequently encountered in the wild. By the end, you’ll not only have honed your existing penetration testing expertise, but also gained the highly specialized insight needed to tackle loopholes in Android apps.

What this course covers:

  • Intent Mechanics: Explore getIntent(), Browsable Intents, NFC tag exploits, and MIME-type hijacking.

  • Unexported Content Providers: Abuse grantUriPermissions in ways typical testing overlooks.

  • WebView Vulnerabilities: Understand JavaScript Bridge threats, file access tricks, and Cross-Origin policy flaws.

  • Custom Permissions: Delve into custom permission structures for exploitation scenarios.

  • Loading Custom DEX Files: Dynamically inject malicious code into target apps to bypass security measures.

If you already understand the foundations of Android penetration testing and want to push the limits by exploring additional vulnerabilities and attack surfaces, this course is your gateway to the cutting edge of Android security.