diff --git a/README.md b/README.md index 2b4d4f4..9150fb7 100644 --- a/README.md +++ b/README.md 
@@ -10,38 +10,38 @@ ## Android -* [General](#general) +### General - * [An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0) - * [Secure an Android Device](https://source.android.com/security) - * [Security tips](https://developer.android.com/training/articles/security-tips) - * [OWASP Mobile Security Testing Guide](https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide) - * [Security Testing for Android Cross Platform Application](https://3xpl01tc0d3r.blogspot.com/2019/09/security-testing-for-android-app-part1.html) - * [Dive deep into Android Application Security](https://blog.0daylabs.com/2019/09/18/deep-dive-into-Android-security/) - * [Pentesting Android Apps Using Frida](https://www.notsosecure.com/pentesting-android-apps-using-frida/) - * [Mobile Security Testing Guide](https://mobile-security.gitbook.io/mobile-security-testing-guide/) - * [Mobile Application Penetration Testing Cheat Sheet](https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet) - * [Android Applications Reversing 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit) - * [Android Security Guidelines](https://developer.box.com/en/guides/security/) - * [Amandroid – A Static Analysis FrameworkA](http://pag.arguslab.org/argus-saf/) - * [Androwarn – Yet Another Static Code Analyzer](https://github.com/maaaaz/androwarn/) - * [APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) - * [APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/) - * [Android WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/) - * [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10) +* [An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0) +* [Secure an Android Device](https://source.android.com/security) +* [Security 
tips](https://developer.android.com/training/articles/security-tips) +* [OWASP Mobile Security Testing Guide](https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide) +* [Security Testing for Android Cross Platform Application](https://3xpl01tc0d3r.blogspot.com/2019/09/security-testing-for-android-app-part1.html) +* [Dive deep into Android Application Security](https://blog.0daylabs.com/2019/09/18/deep-dive-into-Android-security/) +* [Pentesting Android Apps Using Frida](https://www.notsosecure.com/pentesting-android-apps-using-frida/) +* [Mobile Security Testing Guide](https://mobile-security.gitbook.io/mobile-security-testing-guide/) +* [Mobile Application Penetration Testing Cheat Sheet](https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet) +* [Android Applications Reversing 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit) +* [Android Security Guidelines](https://developer.box.com/en/guides/security/) +* [Amandroid – A Static Analysis FrameworkA](http://pag.arguslab.org/argus-saf/) +* [Androwarn – Yet Another Static Code Analyzer](https://github.com/maaaaz/androwarn/) +* [APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) +* [APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/) +* [Android WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/) +* [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10) - * [Books](#books) + ### Books - * [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard) - * [Android Security Internals](https://www.oreilly.com/library/view/android-security-internals/9781457185496/) + * [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard) + * [Android Security 
Internals](https://www.oreilly.com/library/view/android-security-internals/9781457185496/) - * [Courses](#courses) + ### Courses - * [Learning-Android-Security](https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html) - * [Mobile Application Security and Penetration Testing](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/) +* [Learning-Android-Security](https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html) +* [Mobile Application Security and Penetration Testing](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/) - * [Tools](#tools) + ### Tools * [Static Analysis](#static) * [Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf) @@ -68,7 +68,7 @@ * [Android Check – Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check) * [FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea) - * [Dynamic Analysis](#dynamic) + * [Dynamic Analysis](#dynamic) * [Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker) * [AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/) * [AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid) @@ -85,7 +85,7 @@ * [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) * [CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/) - * [Android Online APK Analyzers](#online) + * [Android Online APK Analyzers](#online) * [Android Observatory APK Scan](https://androidobservatory.org/upload) * [Android APK Decompiler](http://www.decompileandroid.com/) * [AndroTotal](http://andrototal.org/) 
@@ -101,22 +101,62 @@ * [Visual Threat](http://www.visualthreat.com/UIupload.action) * [App Critique](https://appcritique.boozallen.com/) - * [Labs](#labs) - + ### Labs - * [Misc.](#Misc.) - - * [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md) - * [android-security-awesome](https://github.com/ashishb/android-security-awesome) - - - + * [DIVA (Damn insecure and vulnerable App)](https://github.com/payatu/diva-android) + * [SecurityShepherd](https://github.com/OWASP/SecurityShepherd) + * [Damn Vulnerable Hybrid Mobile App (DVHMA)](https://github.com/logicalhacking/DVHMA) + * [OWASP-mstg](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes) + * [VulnerableAndroidAppOracle](https://github.com/dan7800/VulnerableAndroidAppOracle) + * [Android InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2) + * [Purposefully Insecure and Vulnerable Android Application (PIIVA)](https://github.com/htbridge/pivaa) + * [Sieve app](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk) + * [DodoVulnerableBank](https://github.com/CSPF-Founder/DodoVulnerableBank) + * [Digitalbank](https://github.com/CyberScions/Digitalbank) + * [OWASP GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) + * [AppKnox Vulnerable Application](https://github.com/appknox/vulnerable-application) + * [Vulnerable Android Application](https://github.com/Lance0312/VulnApp) + * [MoshZuk](https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk) + * [Hackme Bank](http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx) + * [Android Security Labs](https://github.com/SecurityCompass/AndroidLabs) + * [Android-InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2) + * [Android-security](https://github.com/rafaeltoledo/android-security) + ### Talks + + * [One Step Ahead of Cheaters -- Instrumenting Android Emulators](https://www.youtube.com/watch?v=L3AniAxp_G4) + * [Vulnerable 
Out of the Box: An Evaluation of Android Carrier Devices](https://www.youtube.com/watch?v=R2brQvQeTvM) + * [Rock appround the clock: Tracking malware developers by Android](https://www.youtube.com/watch?v=wd5OU9NvxjU) + * [Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre](https://www.youtube.com/watch?v=ohjTWylMGEA) + * [Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets](https://www.youtube.com/watch?v=TDk2RId8LFo) + * [Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening](https://www.youtube.com/watch?v=EkL1sDMXRVk) + * [Hide Android Applications in Images](https://www.youtube.com/watch?v=hajOlvLhYJY) + * [Scary Code in the Heart of Android](https://www.youtube.com/watch?v=71YP65UANP0) + * [Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android](https://www.youtube.com/watch?v=q_HibdrbIxo) + * [Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library](https://www.youtube.com/watch?v=s0Tqi7fuOSU) + * [Android FakeID Vulnerability Walkthrough](https://www.youtube.com/watch?v=5eJYCucZ-Tc) + * [Unleashing D* on Android Kernel Drivers](https://www.youtube.com/watch?v=1XavjjmfZAY) + * [The Smarts Behind Hacking Dumb Devices](https://www.youtube.com/watch?v=yU1BrY1ZB2o) + * [Overview of common Android app vulnerabilities](https://www.bugcrowd.com/resources/webinars/overview-of-common-android-app-vulnerabilities/) + * [Android Dev Summit 2019](https://developer.android.com/dev-summit) + * [Android security architecture](https://www.youtube.com/watch?v=3asW-nBU-JU) + + ### Misc. 
+ + * [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md) + * [android-security-awesome](https://github.com/ashishb/android-security-awesome) + + + + ## IOS - * [General](#general) - * [Articles](#articles) - * [Books](#books) - * [Classes](#classes) - * [Tools] + ### General + ### Tools + ### Talks + ### Labs + ### Courses + ### Books + ### Misc. +
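Review bot: in the `@@ -10,38 +10,38 @@` hunk the re-added Amandroid entry under General keeps the typo `FrameworkA` in its link text; fix it to `Framework` while the line is being touched. The same hunk leaves list levels inconsistent: the General and Courses bullets move to column 0 (`+* [...]`), but the Books entries and the `### Books`, `### Courses` and `### Tools` headings are still added with leading whitespace, so a heading may render as part of the preceding list item. Put headings and bullets at column 0 throughout. Amandroid also appears under Tools > Static Analysis in the context lines, so the copy in General, and the other analyzer entries next to it, would sit better there.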
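Review bot: the `[Dynamic Analysis](#dynamic)` line in the `@@ -68,7 +68,7 @@` hunk changes only whitespace and is still a bullet linking to `#dynamic`, an anchor that no heading visible in this patch defines. Since the other section labels are being converted to `###` headings, make this a `####` heading under Tools, and do the same for `[Static Analysis](#static)`, rather than keeping an in-page link with no target.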
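Review bot: `[Android Online APK Analyzers](#online)` in the `@@ -85,7 +85,7 @@` hunk is another whitespace-only change that leaves a link to an undefined `#online` anchor; convert it to a heading as well. The context entries for Android APK Decompiler and AndroTotal in this section are linked over plain `http://`; since readers will be submitting APKs to these services, switch them to `https://` where the sites support it.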
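Review bot: in the Labs list of the `@@ -101,22 +101,62 @@` hunk, `Sieve app` and `MoshZuk` link straight to `.apk` binaries (a GitHub release asset and a `dl.dropboxusercontent.com/u/...` path) instead of a project page; link the project or release page, and where a direct binary link is unavoidable put a checksum next to it so readers can verify what they install. Also in Labs, Android-InsecureBankv2 is added twice with the same URL, `PIIVA` does not match the linked `pivaa` repository, and `Hackme Bank` does not match `hacme-bank` in its URL. In the iOS part, the seven `###` headings are added with no entries and reuse the Android heading names, so generated anchors such as `#general` become ambiguous; hold the empty headings back until they have content, or give them distinct names (for example `### iOS General`).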