Penetration Testing: A Survival Guide. A Survival Guide

(ebook) (audiobook) (audiobook)

Autorzy:: Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran

Promocja Przejdź

Penetration Testing: A Survival Guide. A Survival Guide Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran - okladka książki

Penetration Testing: A Survival Guide. A Survival Guide Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran - audiobook MP3

Penetration Testing: A Survival Guide. A Survival Guide Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran - audiobook CD

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Dostępne formaty::      PDF

     ePub

     Mobi

Ebook (278,10 zł najniższa cena z 30 dni)

~~319,00 zł~~ (-91%)
29,90 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

(278,10 zł najniższa cena z 30 dni)

Przenieś na półkę

Do przechowalni

The need for penetration testers has grown well over what the IT industry ever anticipated. Running just a vulnerability scanner is no longer an effective method to determine whether a business is truly secure. This learning path will help you develop the most effective penetration testing skills to protect your Windows, web applications, and Android devices.
The first module focuses on the Windows platform, which is one of the most common OSes, and managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module first,you’ll be introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. You’ll not only learn to penetrate in the machine, but will also learn to work with Windows privilege escalations.
The second module will help you get to grips with the tools used in Kali Linux 2.0 that relate to web application hacking. You will get to know about scripting and input validation flaws, AJAX, and security issues related to AJAX. You will also use an automated technique called fuzzing so you can identify flaws in a web application. Finally, you’ll understand the web application vulnerabilities and the ways they can be exploited.
In the last module, you’ll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. You’ll begin this journey with the absolute basics and will then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. You’ll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.
This Learning Path is a blend of content from the following Packt products:
• Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo Weaver
• Web Penetration Testing with Kali Linux, Second Edition by Juned Ahmed Ansari
• Hacking Android by Srinivasa Rao Kotipalli and Mohammed A. Imran

Wybrane bestsellery

O autorach książki

Wolf Halton is an Authority on Computer and Internet Security, a best selling author on Computer Security, and the CEO of Atlanta Cloud Technology. He specializes inbusiness continuity, security engineering, open source consulting, marketing automation, virtualization and data center restructuring, network architecture, and Linux administration. Wolf has been a security engineer since 1999 and has been training security engineers since 2005.

Bo Weaver is an old school ponytailed geek. His first involvement with networks was in 1972 while in the US Navy working on a R&D project called ARPA NET. Here he also learned the power of UNIX and how to out smart the operating system. Bo has been working with and using Linux daily since the 1990's and a promoter of Open Source. (Yes, Bo runs on Linux.) Bo has also worked in physical security fields as a private investigator and in executive protection. Bo now works as the senior penetration tester and security researcher for CompliancePoint a Atlanta based security consulting company. Bo is Cherokee and works with native youths to help keep native traditions alive and strong.

Srinivasa Rao Kotipalli (@srini0x00) is a security researcher from India. He has extensive hands-on experience in performing web application, infrastructure, and mobile security assessments. He worked as a security consultant at Tata Consultancy Services India for two and a half years and later joined a start-up in Malaysia. He has delivered training sessions on web, infrastructure, and mobile penetration testing for organizations across the world, in countries such as India, Malaysia, Brunei, and Vietnam. Through responsible disclosure programs, he has reported vulnerabilities in many top-notch organizations. He holds a bachelor's degree in information technology and is OSCP certified. He blogs at www.androidpentesting.com and www.infosecinstitute.com.

Mohammed A. Imran (@secfigo) has more than 6 years of experience in product security and consulting, he spends most of his time on penetration testing, vulnerability assessments, and source code reviews of web and mobile applications. He has helped telecom, banking, and software development houses create and maintain secure SDLC programs.

Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran - pozostałe książki

Promocja

This second edition of Kali Linux 2: Windows Penetration Testing provides approaches and solutions to the issues of modern penetration testing for a Microsoft Windows environment. As a pen tester, you need to be able to understand and use the best available tools - this book addresses these needs with maximum in a cost and time efficient way.
- PDF + ePub + Mobi
Kali Linux 2018: Windows Penetration Testing. Conduct network testing, surveillance, and pen testing on MS Windows using Kali Linux 2018 - Second Edition

Wolf Halton, Bo Weaver

(134,10 zł najniższa cena z 30 dni)

29.90 zł ~~159.00 zł (-81%)~~
Promocja

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security prof
- PDF + ePub + Mobi
Hacking Android. Click here to enter text

Mohammed A. Imran, Srinivasa Rao Kotipalli

(125,10 zł najniższa cena z 30 dni)

29.90 zł ~~139.00 zł (-78%)~~
Promocja

Delve into Kali Linux and get to grips with surveillance, network testing, and more with Kali Linux 2: Windows Penetration Testing. This book will give you hands-on experience and prepare you to apply your skills in the real world with the help of detailed explanations, examples, and expert techniques.
- PDF + ePub + Mobi
Kali Linux 2: Windows Penetration Testing. Kali Linux: a complete pentesting toolkit facilitating smooth backtracking for working hackers

Wolf Halton, Manoj Kumar Singh, Bo Weaver

(134,10 zł najniższa cena z 30 dni)

29.90 zł ~~159.00 zł (-81%)~~
Promocja
- PDF + ePub + Mobi
Web Penetration Testing with Kali Linux. Build your defense against web attacks with Kali Linux 2.0

Juned Ahmed Ansari, Juned Ahmed Ansari

(134,10 zł najniższa cena z 30 dni)

29.90 zł ~~159.00 zł (-81%)~~

Ebooka "Penetration Testing: A Survival Guide. A Survival Guide" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Booxs i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Penetration Testing: A Survival Guide. A Survival Guide" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Penetration Testing: A Survival Guide. A Survival Guide" zobaczysz:

Oceny i opinie klientów: Penetration Testing: A Survival Guide. A Survival Guide Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły książki

Tytuł oryginału:: Penetration Testing: A Survival Guide. A Survival Guide
ISBN Ebooka:: 978-17-872-8783-9, 9781787287839
Data wydania ebooka :: 2017-01-18 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: 1
Rozmiar pliku Pdf:: 52.9MB
Rozmiar pliku ePub:: 105.6MB
Rozmiar pliku Mobi:: 149.9MB

Zgłoś erratę
Kategorie:
Hacking » Bezpieczeństwo sieci
Hacking » Bezpieczeństwo systemów
Hacking » Inne

Spis treści książki

Penetration Testing: A Survival Guide
- Table of Contents
- Penetration Testing: A Survival Guide
- Penetration Testing: A Survival Guide
- Credits
- Preface
  - What this learning path covers
  - What you need for this learning path
  - Who this learning path is for
  - Reader feedback
  - Customer support
  - Downloading the example code
  - Errata
  - Piracy
  - Questions
- I. Module 1
  - 1. Sharpening the Saw
    - Installing Kali Linux to an encrypted USB drive
      - Prerequisites for installation
      - Booting Up
      - Installing configuration
      - Setting up the drive
      - Booting your new installation of Kali
    - Running Kali from the live CD
    - Installing and configuring applications
      - Gedit the Gnome text editor
      - Terminator the terminal emulator for multitasking
      - EtherApe the graphical protocol analysis tool
    - Setting up and configuring OpenVAS
    - Reporting the tests
      - KeepNote the standalone document organizer
      - Dradis the web-based document organizer
    - Running services on Kali Linux
    - Exploring the Kali Linux Top 10 and more
    - Summary
  - 2. Information Gathering and Vulnerability Assessment
    - Footprinting the network
      - Exploring the network with Nmap
      - Zenmap
      - The difference verbosity makes
      - Scanning a network range
    - Where can you find instructions on this thing?
    - A return to OpenVAS
    - Using Maltego
    - Using Unicorn-Scan
    - Monitoring resource use with Htop
    - Monkeying around the network
    - Summary
  - 3. Exploitation Tools (Pwnage)
    - Choosing the appropriate time and tool
    - Choosing the right version of Metasploit
    - Starting Metasploit
    - Creating workspaces to organize your attack
    - Using the hosts and services commands
    - Using advanced footprinting
      - Interpreting the scan and building on the result
      - Exploiting poor patch management
      - Finding out whether anyone is home
    - Using the pivot
      - Mapping the network to pivot
    - Creating the attack path
      - Grabbing system on the target
      - Setting Up the route
      - Exploring the inner network
      - Abusing the Windows NET USE command
        
        Adding a Windows user from the command line
    - Summary
  - 4. Web Application Exploitation
    - Surveying the webscape
      - Concept of Robots.txt
      - Concept of .htaccess
      - Quick solutions to cross-site scripting
      - Reducing buffer overflows
      - Avoiding SQL injection
    - Arm yourself with Armitage
      - Working with a single known host
      - Discovering new machines with NMap
    - Zinging Windows servers with OWASP ZAP
      - Using ZAP as an attack proxy
      - Reading the ZAP interface
    - Search and destroy with Burp Suite
      - Targeting the test subject
      - Using Burp Suite as a Proxy
        
        Installing the Burp Suite security certificate
      - Spidering a site with Burp Spider
    - Summary
  - 5. Sniffing and Spoofing
    - Sniffing and spoofing network traffic
    - Sniffing network traffic
      - Basic sniffing with tcpdump
      - More basic sniffing with WinDump (Windows tcpdump)
      - Packet hunting with Wireshark
        
        Dissecting the packet
        
        Swimming with Wireshark
    - Spoofing network traffic
      - Ettercap
        
        Using Ettercap on the command line
    - Summary
  - 6. Password Attacks
    - Password attack planning
      - Cracking the NTLM code (Revisited)
      - Password lists
      - Cleaning a password list
    - My friend Johnny
    - John the Ripper (command line)
    - xHydra
    - Adding a tool to the main menu in Kali 2.x
    - Summary
  - 7. Windows Privilege Escalation
    - Gaining access with Metasploit
    - Replacing the executable
    - Local privilege escalation with a standalone tool
    - Escalating privileges with physical access
      - Robbing the Hives with samdump2
      - Owning the registry with chntpw
    - Weaseling in with Weevely
      - Preparing to use Weevely
      - Creating an agent
      - Testing Weevely locally
      - Testing Weevely on a Windows server
        
        Getting help in Weevely
        
        Getting the system info
        
        Using filesystem commands in Weevely
        
        Writing into files
    - Summary
  - 8. Maintaining Remote Access
    - Maintaining access
      - Covering our tracks
    - Maintaining access with Ncat
      - Phoning Home with Metasploit
    - The Dropbox
    - Cracking the NAC (Network Access Controller)
    - Creating a Spear-Phishing Attack with the Social Engineering Toolkit
    - Using Backdoor-Factory to Evade Antivirus
    - Summary
  - 9. Reverse Engineering and Stress Testing
    - Setting up a test environment
      - Creating your victim machine(s)
      - Testing your testing environment
    - Reverse engineering theory
      - One general theory of reverse engineering
    - Working with Boolean logic
      - Reviewing a while loop structure
      - Reviewing the for loop structure
        
        Understanding the decision points
    - Practicing reverse engineering
      - Demystifying debuggers
        
        Using the Valgrind Debugger to discover memory leaks
        
        Translating your app to assembler with the EDB-Debugger
        
        EDB-Debugger symbol mapper
        
        Running OllyDbg
      - Introduction to disassemblers
        
        Running JAD
        
        Create your own disassembling code with Capstone
      - Some miscellaneous reverse engineering tools
        
        Running Radare2
      - Additional members of the Radare2 tool suite
        
        Running rasm2
        
        Running rahash2
        
        Running radiff2
        
        Running rafind2
        
        Running rax2
    - Stresstesting Windows
      - Dealing with Denial
      - Putting the network under Siege
      - Configuring your Siege engine
    - Summary
  - 10. Forensics
    - Getting into Digital Forensics
    - Exploring Guymager
      - Starting Kali for Forensics
      - Acquiring a drive to be legal evidence
      - Cloning With Guymager
    - Diving into Autopsy
    - Mounting image files
    - Summary
- II. Module 2
  - 1. Introduction to Penetration Testing and Web Applications
    - Proactive security testing
      - Who is a hacker?
      - Different testing methodologies
        
        Ethical hacking
        
        Penetration testing
        
        Vulnerability assessment
        
        Security audits
    - Rules of engagement
      - Black box testing or Gray box testing
      - Client contact details
      - Client IT team notifications
      - Sensitive data handling
      - Status meeting
    - The limitations of penetration testing
    - The need for testing web applications
    - Social engineering attacks
      - Training employees to defeat social engineering attacks
    - A web application overview for penetration testers
      - HTTP protocol
      - Request and response header
        
        The request header
        
        The response header
      - Important HTTP methods for penetration testing
        
        The GET/POST method
        
        The HEAD method
        
        The TRACE method
        
        The PUT and DELETE methods
        
        The OPTIONS method
      - Session tracking using cookies
        
        Cookie
        
        Cookie flow between server and client
        
        Persistent and non-persistent cookies
        
        Cookie parameters
      - HTML data in HTTP response
      - Multi-tier web application
    - Summary
  - 2. Setting up Your Lab with Kali Linux
    - Kali Linux
      - Improvements in Kali Linux 2.0
      - Installing Kali Linux
        
        USB mode
        
        VMware and ARM images of Kali Linux
        
        Kali Linux on Amazon cloud
        
        Installing Kali Linux on a hard drive
      - Kali Linux-virtualizing versus installing on physical hardware
    - Important tools in Kali Linux
      - Web application proxies
        
        Burp proxy
        
        Customizing client interception
        
        Modifying requests on the fly
        
        Burp proxy with SSL-based websites
        
        WebScarab and Zed Attack Proxy
        
        ProxyStrike
      - Web vulnerability scanner
        
        Nikto
        
        Skipfish
        
        Web Crawler Dirbuster
        
        OpenVAS
        
        Database exploitation
      - CMS identification tools
      - Web application fuzzers
    - Using Tor for penetration testing
      - Steps to set up Tor and connect anonymously
      - Visualization of a web request through Tor
      - Final words for Tor
    - Summary
  - 3. Reconnaissance and Profiling the Web Server
    - Reconnaissance
      - Passive reconnaissance versus active reconnaissance
      - Reconnaissance information gathering
        
        Domain registration details
        
        Whois extracting domain information
        
        Identifying hosts using DNS
        
        Zone transfer using dig
        
        Brute force DNS records using Nmap
        
        The Recon-ng tool a framework for information gathering
        
        Domain enumeration using recon-ng
        
        Sub-level and top-level domain enumeration
        
        Reporting modules
    - Scanning probing the target
      - Port scanning using Nmap
        
        Different options for port scan
        
        Evading firewalls and IPS using Nmap
        
        Spotting a firewall using back checksum option in Nmap
      - Identifying the operating system using Nmap
      - Profiling the server
        
        Application version fingerprinting
        
        The Nmap version scan
        
        The Amap version scan
        
        Fingerprinting the web application framework
        
        The HTTP header
        
        The Whatweb scanner
        
        Identifying virtual hosts
        
        Locating virtual hosts using search engines
        
        The virtual host lookup module in Recon-ng
        
        Identifying load balancers
        
        Cookie-based load balancer
        
        Other ways of identifying load balancers
        
        Scanning web servers for vulnerabilities and misconfigurations
        
        Identifying HTTP methods using Nmap
        
        Testing web servers using auxiliary modules in Metasploit
        
        Automating scanning using the WMAP web scanner plugin
        
        Vulnerability scanning and graphical reports the Skipfish web application scanner
        
        Spidering web applications
        
        The Burp spider
        
        Application login
    - Summary
  - 4. Major Flaws in Web Applications
    - Information leakage
      - Directory browsing
        
        Directory browsing using DirBuster
        
        Comments in HTML code
        
        Mitigation
    - Authentication issues
      - Authentication protocols and flaws
        
        Basic authentication
        
        Digest authentication
        
        Integrated authentication
        
        Form-based authentication
      - Brute forcing credentials
        
        Hydra a brute force password cracker
    - Path traversal
      - Attacking path traversal using Burp proxy
        
        Mitigation
    - Injection-based flaws
      - Command injection
      - SQL injection
    - Cross-site scripting
      - Attack potential of cross-site scripting attacks
    - Cross-site request forgery
    - Session-based flaws
      - Different ways to steal tokens
        
        Brute forcing tokens
        
        Sniffing tokens and man-in-the-middle attacks
        
        Stealing session tokens using XSS attack
        
        Session token sharing between application and browser
      - Tools to analyze tokens
      - Session fixation attack
      - Mitigation for session fixation
    - File inclusion vulnerability
      - Remote file include
      - Local file include
      - Mitigation for file inclusion attacks
    - HTTP parameter pollution
      - Mitigation
    - HTTP response splitting
      - Mitigation
    - Summary
  - 5. Attacking the Server Using Injection-based Flaws
    - Command injection
      - Identifying parameters to inject data
      - Error-based and blind command injection
      - Metacharacters for command separator
      - Scanning for command injection
        
        Creating a cookie file for authentication
        
        Executing Wapiti
      - Exploiting command injection using Metasploit
        
        PHP shell and Metasploit
      - Exploiting shellshock
        
        Overview of shellshock
        
        Scanning dirb
        
        Exploitation Metasploit
    - SQL injection
      - SQL statements
        
        The UNION operator
        
        The SQL query example
      - Attack potential of the SQL injection flaw
      - Blind SQL injection
      - SQL injection testing methodology
        
        Scanning for SQL injection
        
        Information gathering
      - Sqlmap automating exploitation
      - BBQSQL the blind SQL injection framework
      - Sqlsus MySQL injection
      - Sqlninja MS SQL injection
    - Summary
  - 6. Exploiting Clients Using XSS and CSRF Flaws
    - The origin of cross-site scripting
      - Introduction to JavaScript
    - An overview of cross-site scripting
    - Types of cross-site scripting
      - Persistent XSS
      - Reflected XSS
      - DOM-based XSS
        
        Defence against DOM-based XSS
      - XSS using the POST Method
    - XSS and JavaScript a deadly combination
      - Cookie stealing
      - Key logger
      - Website defacing
    - Scanning for XSS flaws
      - Zed Attack Proxy
        
        Scoping and selecting modes
        
        Modes of operation
        
        Scan policy and attack
      - Xsser
        
        Features
      - W3af
        
        Plugins
        
        Graphical interface
    - Cross-site request forgery
      - Attack dependencies
      - Attack methodology
      - Testing for CSRF flaws
      - CSRF mitigation techniques
    - Summary
  - 7. Attacking SSL-based Websites
    - Secure socket layer
      - SSL in web applications
      - SSL encryption process
      - Asymmetric encryption versus symmetric encryption
        
        Asymmetric encryption algorithms
        
        Symmetric encryption algorithm
      - Hashing for message integrity
      - Identifying weak SSL implementations
        
        OpenSSL command-line tool
        
        SSLScan
        
        SSLyze
        
        Testing SSL configuration using Nmap
      - SSL man-in-the-middle attack
        
        SSL MITM tools in Kali Linux
        
        SSLsplit
        
        SSLstrip
        
        SSL stripping limitations
    - Summary
  - 8. Exploiting the Client Using Attack Frameworks
    - Social engineering attacks
    - Social engineering toolkit
    - Spear-phishing attack
    - Website attack
      - Java applet attack
      - Credential harvester attack
      - Web jacking attack
      - Metasploit browser exploit
      - Tabnabbing attack
    - Browser exploitation framework
      - Introducing BeEF
      - BeEF hook injection
        
        Browser reconnaissance
        
        Exploit modules
        
        Host information gathering
        
        Persistence module
        
        Network recon
        
        Inter-protocol exploitation and communication
      - Exploiting the mutillidae XSS flaw using BeEF
      - Injecting the BeEF hook using MITM
    - Summary
  - 9. AJAX and Web Services Security Issues
    - Introduction to AJAX
      - Building blocks of AJAX
      - The AJAX workflow
      - AJAX security issues
        
        Increase in attack surface
        
        Exposed programming logic of the application
        
        Insufficient access control
      - Challenges of pentesting AJAX applications
      - Crawling AJAX applications
        
        AJAX crawling tool
        
        Sprajax
        
        AJAX spider OWASP ZAP
      - Analyzing client-side code Firebug
        
        The Script panel
        
        The Console panel
        
        The Network panel
    - Web services
      - Introducing SOAP and RESTful web services
      - Securing web services
        
        Insecure direct object reference vulnerability
    - Summary
  - 10. Fuzzing Web Applications
    - Fuzzing basics
    - Types of fuzzing techniques
      - Mutation fuzzing
      - Generation fuzzing
      - Applications of fuzzing
        
        Network protocol fuzzing
        
        File fuzzing
        
        User interface fuzzing
        
        Web application fuzzing
        
        Web browser fuzzing
      - Fuzzer frameworks
      - Fuzzing steps
      - Testing web applications using fuzzing
        
        Fuzzing input in web applications
        
        Request URI
        
        Headers
        
        Form fields
        
        Detecting result of fuzzing
      - Web application fuzzers in Kali Linux
        
        Fuzzing using Burp intruder
        
        PowerFuzzer tool
    - Summary
- III. Module 3
  - 1. Setting Up the Lab
    - Installing the required tools
      - Java
    - Android Studio
    - Setting up an AVD
      - Real device
      - Apktool
      - Dex2jar/JD-GUI
      - Burp Suite
    - Configuring the AVD
      - Drozer
        
        Prerequisites
      - QARK (No support for windows)
        
        Getting ready
      - Advanced REST Client for Chrome
      - Droid Explorer
      - Cydia Substrate and Introspy
      - SQLite browser
      - Frida
        
        Setting up Frida server
        
        Setting up frida-client
        
        Testing the setup
      - Vulnerable apps
      - Kali Linux
    - ADB Primer
      - Checking for connected devices
      - Getting a shell
      - Listing the packages
      - Pushing files to the device
      - Pulling files from the device
      - Installing apps using adb
      - Troubleshooting adb connections
    - Summary
  - 2. Android Rooting
    - What is rooting?
      - Why would we root a device?
      - Advantages of rooting
        
        Unlimited control over the device
        
        Installing additional apps
        
        More features and customization
      - Disadvantages of rooting
        
        It compromises the security of your device
        
        Bricking your device
        
        Voids warranty
    - Locked and unlocked boot loaders
      - Determining boot loader unlock status on Sony devices
      - Unlocking boot loader on Sony through a vendor specified method
      - Rooting unlocked boot loaders on a Samsung device
    - Stock recovery and Custom recovery
      - Prerequisites
    - Rooting Process and Custom ROM installation
      - Installing recovery softwares
        
        Using Odin
        
        Using Heimdall
    - Rooting a Samsung Note 2
    - Flashing the Custom ROM to the phone
    - Summary
  - 3. Fundamental Building Blocks of Android Apps
    - Basics of Android apps
      - Android app structure
        
        How to get an APK file?
      - Storage location of APK files
        
        /data/app/
        
        /system/app/
        
        /data/app-private/
        
        Example of extracting preinstalled apps
        
        Example of extracting user installed apps
    - Android app components
      - Activities
      - Services
      - Broadcast receivers
      - Content providers
      - Android app build process
    - Building DEX files from the command line
    - What happens when an app is run?
      - ART the new Android Runtime
    - Understanding app sandboxing
      - UID per app
      - App sandboxing
      - Is there a way to break out of this sandbox?
    - Summary
  - 4. Overview of Attacking Android Apps
    - Introduction to Android apps
      - Web Based apps
      - Native apps
      - Hybrid apps
    - Understanding the apps attack surface
      - Mobile application architecture
    - Threats at the client side
    - Threats at the backend
    - Guidelines for testing and securing mobile apps
      - OWASP Top 10 Mobile Risks (2014)
      - M1: Weak Server-Side Controls
      - M2: Insecure Data Storage
      - M3: Insufficient Transport Layer Protection
      - M4: Unintended Data Leakage
      - M5: Poor Authorization and Authentication
      - M6: Broken Cryptography
      - M7: Client-Side Injection
      - M8: Security Decisions via Untrusted Inputs
      - M9: Improper Session Handling
      - M10: Lack of Binary Protections
    - Automated tools
      - Drozer
      - Performing Android security assessments with Drozer
        
        Installing testapp.apk
        
        Listing out all the modules
        
        Retrieving package information
    - Identifying the attack surface
      - Identifying and exploiting Android app vulnerabilities using Drozer
        
        Attacks on exported activities
        
        What is the problem here?
    - QARK (Quick Android Review Kit)
      - Running QARK in interactive mode
        
        Reporting
      - Running QARK in seamless mode:
    - Summary
  - 5. Data Storage and Its Security
    - What is data storage?
      - Android local data storage techniques
        
        Shared preferences
        
        SQLite databases
        
        Internal storage
        
        External storage
    - Shared preferences
      - Real world application demo
    - SQLite databases
    - Internal storage
    - External storage
    - User dictionary cache
    - Insecure data storage NoSQL database
      - NoSQL demo application functionality
    - Backup techniques
      - Backup the app data using adb backup command
      - Convert .ab format to tar format using Android backup extractor
      - Extracting the TAR file using the pax or star utility
      - Analyzing the extracted content for security issues
    - Being safe
    - Summary
  - 6. Server-Side Attacks
    - Different types of mobile apps and their threat model
    - Mobile applications server-side attack surface
      - Mobile application architecture
    - Strategies for testing mobile backend
      - Setting up Burp Suite Proxy for testing
        
        Proxy setting via APN
        
        Proxy setting via Wi-Fi
        
        Bypass certificate warnings and HSTS
        
        HSTS HTTP Strict Transport Security
      - Bypassing certificate pinning
      - Bypass SSL pinning using AndroidSSLTrustKiller
        
        Setting up a demo application
        
        Installing OWASP GoatDroid
      - Threats at the backend
        
        Relating OWASP top 10 mobile risks and web attacks
        
        Authentication/authorization issues
        
        Authentication vulnerabilities
        
        Authorization vulnerabilities
        
        Session management
        
        Insufficient Transport Layer Security
        
        Input validation related issues
        
        Improper error handling
        
        Insecure data storage
        
        Attacks on the database
    - Summary
  - 7. Client-Side Attacks Static Analysis Techniques
    - Attacking application components
      - Attacks on activities
        
        What does exported behavior mean to an activity?
        
        Intent filters
      - Attacks on services
        
        Extending the Binder class:
        
        Using a Messenger
        
        Using AIDL
        
        Attacking AIDL services
      - Attacks on broadcast receivers
      - Attacks on content providers
        
        Querying content providers:
        
        Exploiting SQL Injection in content providers using adb
        
        Querying the content provider
        
        Writing a where condition:
      - Testing for Injection:
        
        Finding the column numbers for further extraction
        
        Running database functions
        
        Finding out SQLite version:
        
        Finding out table names
    - Static analysis using QARK:
    - Summary
  - 8. Client-Side Attacks Dynamic Analysis Techniques
    - Automated Android app assessments using Drozer
      - Listing out all the modules
      - Retrieving package information
      - Finding out the package name of your target application
      - Getting information about a package
      - Dumping the AndroidManifes.xml file
      - Finding out the attack surface:
      - Attacks on activities
      - Attacks on services
      - Broadcast receivers
      - Content provider leakage and SQL Injection using Drozer
      - Attacking SQL Injection using Drozer
      - Path traversal attacks in content providers
        
        Reading /etc/hosts
        
        Reading kernel version
      - Exploiting debuggable apps
    - Introduction to Cydia Substrate
    - Runtime monitoring and analysis using Introspy
    - Hooking using Xposed framework
    - Dynamic instrumentation using Frida
      - What is Frida?
        
        Prerequisites
        
        Steps to perform dynamic hooking with Frida
    - Logging based vulnerabilities
    - WebView attacks
      - Accessing sensitive local resources through file scheme
      - Other WebView issues
    - Summary
  - 9. Android Malware
    - What do Android malwares do?
    - Writing Android malwares
      - Writing a simple reverse shell Trojan using socket programming
    - Registering permissions
      - Writing a simple SMS stealer
        
        The user interface
        
        Code for MainActivity.java
        
        Code for reading SMS
        
        Code for the uploadData() method
        
        Complete code for MainActivity.java
        
        Registering permissions
        
        Code on the server
        
        A note on infecting legitimate apps
    - Malware analysis
      - Static analysis
        
        Disassembling Android apps using Apktool
        
        Exploring the AndroidManifest.xml file
        
        Exploring smali files
        
        Decompiling Android apps using dex2jar and JD-GUI
      - Dynamic analysis
        
        Analyzing HTTP/HTTPS traffic using Burp
        
        Analysing network traffic using tcpdump and Wireshark
    - Tools for automated analysis
      - How to be safe from Android malwares?
    - Summary
  - 10. Attacks on Android Devices
    - MitM attacks
    - Dangers with apps that provide network level access
    - Using existing exploits
    - Malware
    - Bypassing screen locks
      - Bypassing pattern lock using adb
        
        Removing the gesture.key file
        
        Cracking SHA1 hashes from the gesture.key file
      - Bypassing password/PIN using adb
      - Bypassing screen locks using CVE-2013-6271
    - Pulling data from the sdcard
    - Summary
- A. Bibliography
- Index