Mobile Apps BugBounty And Penetration Testing

Karthikeyan V
Mentor For Mobile Apps BugBounty And Penetration Testing
India, Chennai
7 Courses, 10 Writeups, 85 Works

Requirements:

  • Basic IT skills
  • Basic Coding knowledge
  • Basic knowledge of Linux and/or Windows
  • Understand basic computer networking
  • Laptop or PC with minimum 4 GB RAM
  • Android Studio for malware development
  • iPhone above 6 or SE
  • Android mobile not mandatory

NOTE:

  • This course is created only for educational purposes. All the attacks are launched on live mobile applications, not in labs, and all the attacks shown in this course are properly disclosed.

Who this course is for:

  • Android/iOS Developers
  • IT students and/or enthusiasts
  • Anyone who wants to learn the ethical hacking and penetration testing process
  • Anyone who wants to learn Android/iOS app penetration testing and bug bounty

What you will learn:

  • Burp suite
  • Recon
  • Web exploitation
  • OWASP Mobile bugs
  • Android malware development
  • Android app penetration testing
  • Android apps bug bounty
  • iOS app penetration testing
  • iOS apps bug bounty
  • iPhone OS penetration testing
  • Source Code Analysis
  • Unique bugs with high impact
  • Understand mobile application security principles and potential dangers
  • As a mobile application developer, you will understand how to secure your application
  • Understand the penetration testing process
  • Report writing

Course Details:

  • Duration: 25 days
  • Ordinary pricing: 5500 INR
  • Course language: Tamil

Course Curriculum

Chapter - 1 : Setting up Environment

  1. Emulator Setup 1
  2. Emulator Setup 2
  3. Android Studio Overview
  4. Exploring Android Studio
  5. Developing 1st app frontend
  6. Developing 1st app backend
  7. Testing via ADB
  8. Tools installation 1
  9. Tools installation 2

Chapter - 2 : Recon

  1. Getting our Scope Data
  2. Reversing Android APK
  3. Source Code Analysis 1
  4. Source Code Analysis 2
  5. Malware Analysis 1
  6. Malware Analysis 2

Chapter - 3 : Bug - Sensitive Information Disclosure

  1. About Sensitive Information Disclosure
  2. Live Hunting for Sensitive Information Disclosure 1
  3. Live Hunting for Sensitive Information Disclosure 2
  4. POC Sensitive Information Disclosure 1
  5. POC Sensitive Information Disclosure 2
  6. POC Sensitive Information Disclosure 3 (Bounty - $2,500)

Chapter - 4 : Bug - Android Web interface Exploit

  1. About Android Web interface Exploit
  2. Source code Analysis for Android Web interface Exploit 1
  3. Source code Analysis for Android Web interface Exploit 2
  4. Malware development for Android Web interface Exploit
  5. Exploiting Android Web interface Bug with our Malware
  6. Live Hunting for Android Web interface Exploit 1
  7. Live Hunting for Android Web interface Exploit 2
  8. POC 1 Android Web interface Exploit (OPPO Android app | Hackerone Scope)
  9. POC 2 Android Web interface Exploit (Neteller Android app | BugCrowd Scope)
  10. POC 3 Android Web interface Exploit (Moneybookers Android app | BugCrowd Scope)
  11. POC 4 Android Web interface Exploit (Skrillpayments Android app | BugCrowd Scope)

Chapter - 5 : Bug - Android SDK API Exploit

  1. About Android SDK API Exploit
  2. Source code Analysis for Android SDK API Exploit 1
  3. Source code Analysis for Android SDK API Exploit 2
  4. Malware development for Android SDK API Exploit
  5. Exploiting Android SDK API Bug with our Malware
  6. Live Hunting for Android SDK API Exploit 1
  7. Live Hunting for Android SDK API Exploit 2
  8. Live Hunting for Android SDK API Exploit 3
  9. Live Hunting for Android SDK API Exploit with bypassing java security 4
  10. POC 1 Android SDK API (Faithfull Android app | BugCrowd Scope)

Chapter - 6 : Bug - Android Activity Exploit

  1. About Android Activity Exploit
  2. Source code Android Activity Exploit 1
  3. Source code Android Activity Exploit 2
  4. Malware development for Android Activity Exploit
  5. Exploiting Android Activity Bug with our Malware
  6. Live Hunting for Android Activity Exploit 1
  7. Live Hunting for Android Activity Exploit 2
  8. Malware Development for Face cam hacking without android permission
  9. Live Bug report writing and submission on BugCrowd
  10. POC 1 Android Activity Exploit (Android app | BugCrowd Private program)
  11. POC 2 Android Activity Exploit leads to Face cam Hacking (Android app | BugCrowd Private program)

Chapter - 7 : Bug - Android App Link Exploit

  1. About Android App Link Exploit
  2. Source code Android App Link Exploit 1
  3. Source code Android App Link Exploit 2
  4. Live Hunting for Android App Link Exploit 1
  5. Live Hunting for Android App Link Exploit 2
  6. Live Hunting for Android App Link Exploit 3
  7. Live Bug report writing and submission on Twitter Android app (Hackerone Program)
  8. POC 1 Android App Link (Twitter Android app | Hackerone Private program)

Chapter - 8 : Dynamic Attack Setup

  1. About Dynamic Attack
  2. Burp Suite setup for Android
  3. SSL Unpinning on Any Android Application
  4. Live Hunting Android Dynamic Bugs 1
  5. Frida Server Setup
  6. SSL Bypass via Frida Server 1
  7. SSL Bypass via Objection 1
  8. SSL Bypass via Frida Server 2
  9. SSL Bypass via Frida Server 3
  10. SSL Bypass via Objection 2
  11. Root Bypass via Frida
  12. Root Bypass via Objection
  13. Live Hunting Android Dynamic Bugs 2
  14. POC Android Dynamic Bug

Chapter - 9 : Bug - Android DB Exploit

  1. About Android DB Exploit
  2. Live Hunting Android DB Exploit 1
  3. Live Hunting Android DB Exploit 2
  4. Live Hunting Android DB Exploit 3
  5. Live Hunting Android DB Exploit 4
  6. POC Android DB Bug leads to Account Takeover (Indeed Android app | BugCrowd program)

Chapter - 10 : Bug - Android Insecure Logging

  1. About Android Insecure Logging Exploit
  2. Live Hunting for Insecure Logging Exploit 1
  3. Live Hunting for Insecure Logging Exploit 2
  4. POC Android Insecure Logging (Transferwise Android app | Bugcrowd program)

Chapter - 11 : Android Games Hacking & Reverse Engineering

  1. About Android Games Hacking
  2. Recon for Game Hacking
  3. Live Hacking: Game coins & Gems (Play Store app, not mod APK)

Chapter - 12 : Extra Android Bugs POC

  1. POC 1.6 Billion Data Leaking Google App
  2. POC Exploited Google Hangout Android App
  3. POC No Rate Limiting in Android app
  4. POC Weak Password Function in Android app
  5. POC FB SDK Misconfigured in Android app

Chapter - 13 : iOS Apps Hunting Setups

  1. About iOS Apps Hunting
  2. Jailbreaking iOS Device
  3. Installing Frida Server
  4. Communicating with Frida
  5. Burp Suite setup for iOS Device
  6. SSL Bypass via Frida Server 1 (iOS)
  7. SSH Into iOS
  8. SSL Bypass iOS 1
  9. SSL Bypass iOS 2
Chapter - 14 : iOS Apps Hunting

  1. Recon For iOS Apps Hunting
  2. Hunting iPhone OS (Apple Scope)
  3. Account Takeover On iOS App
  4. POC 1 Account Takeover On iOS App (Glassdoor iOS App | Hackerone Program)
  5. POC 2 Account Takeover On iOS App (EERO iOS App | BugCrowd Program)
  6. POC 3 No Rate Limiting On iOS App (iOS App | BugCrowd Private Program)
  7. Exporting IPA
  8. Live iOS Static Code Analysis 1
  9. Live iOS Static Code Analysis 2

Course Content and trailer Videos