HOME

Usando Herramientas

https://medium.com/@kshitishirke/mobile-security-framework-mobsf-static-analysis-df22fcdae46e

https://www.welivesecurity.com/la-es/2016/12/19/analizar-apk-con-mobsf/

https://www.welivesecurity.com/la-es/2016/12/21/analizar-archivos-apk-mobsf-parte-2/

https://www.welivesecurity.com/la-es/2017/10/20/analizar-apps-android-inspeckage/

OWASP

10 things you must do when Pentesting Android Applications.

https://securitygrind.com/?s=mobile

Logs

https://www.sniferl4bs.com/2019/05/hacking-101-visualizacion-de-logs-en.html

Dump de memoria & Webview

Dumping Android application memory with fridump

Exploiting Android Components: Loading arbitrary URLs in a Webview.

Basic Security Testing
https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05b-basic-security_testing

SSL Pinning
https://www.javatips.net/api/okhttp-master/okhttp/src/main/java/okhttp3/OkHttpClient.java
https://securitygrind.com/bypassing-android-ssl-pinning-with-frida/

Drozer
https://blog.dixitaditya.com/android-pentesting-cheatsheet/

Guia de Scripting en Frida
https://neo-geo2.gitbook.io/adventures-on-security/frida-scripting-guide/frida-scripting-guide

AES Killer
https://n00b.sh/posts/aes-killer-mobile-app-demo/