Bug Hunter Handbook

Mobile Security

Last updated 9 months ago

Android Application Security Series (Part 1 - 26) :

  • iOS -

From my tweets :

SANS VIDEO - "How To" Install & Configure Android Emulator by YouTube: -

  • Android Application Security Series (Part 1 - 26) :

  • MobileApp-Pentest-Cheatsheet : High value information on specific mobile application penetration testing : -

  • Complete app checklist, with links to testing instructions and best practices

  • An interesting write-up of how pwning a mobile device led to Domain compromise. From APK to Golden Ticket:

  • I'm releasing all the slides (~800!) of my Mobile Security class: ! They are not perfect, but students learned how to reverse apps, find&exploit real-world bugs, reason about threat modelling / system security, etc. Very proud of them :-) =>

  • MOBILE PENTESTING CONTENTS :

  • Today I am releasing the Mobile Application pentesting Resources : Please share your valuable feedback

https://medium.com/@hackersdump0
https://github.com/saeidshirazi/awesome-android-security#Checklist
https://www.cobalt.io/blog/getting-started-with-android-application-security
https://medium.com/@srkasthuri/android-pentesting-101-a-novices-handbook-to-getting-started-8f56f877f418
https://www.hackthebox.com/blog/intro-to-mobile-pentesting#what_is_android_penetration_testing_
https://securityboat.net/getting-started-into-android-secuirty/
https://github.com/Anof-cyber/Application-Security
https://github.com/iamsarvagyaa/AndroidSecNotes
https://goo.gl/Tcp8fX
https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet
https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/
https://manifestsecurity.com/android-application-security/
https://github.com/anantshri/Android_Security
https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking
https://blog.softwaroid.com/2020/05/02/android-application-penetration-testing-bug-bounty-checklist/
https://mobexler.com/checklist.htm
https://github.com/B3nac/Android-Reports-and-Resources
https://guides.peruzal.com/mobile-device-security-and-penetration-testing-guide/
https://payatu.com/blog/abhilashnigam/ios-pentesing-guide-from-a-n00bs-perspective.1
https://co0nan.gitbook.io/writeups/
@joswr1ght
https://youtu.be/ij2Y3dwLdwA
https://twitter.com/SANSInstitute/status/624973702380285952
https://goo.gl/Tcp8fX
https://twitter.com/binitamshah/status/777156946457571328
https://twitter.com/timstrazz/status/886342537253855232
#Android
#security
http://goo.gl/Zq4VzP
From APK to Golden Ticket: Owning an Android smartphone and gaining Domain Admin rights and more... Andrea Pierini, Giuseppe Trotta. February 24, 2017. This article describes the potential dangers of... (docs.google.com)
https://mobisec.reyammer.io
https://twitter.com/reyammer/status/1102636136541966339
https://nileshsapariya.blogspot.com/2016/11/zero-to-hero-mobile-application-testing.html…
https://manifestsecurity.com
https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet…
https://github.com/tanprathan/MobileApp-PentestCheatsheet/blob/master/README.md…
https://gbhackers.com/penetration-testing-android-application-checklist/…
https://gbhackers.com/android-application-penetration-testing/…
https://secvibe.com/intercepting-android-traffic-for-mobile-appsec-2ba634995f6f…
https://secvibe.com/android-appsec-27855dca8531…
https://twitter.com/vasim_infosec/status/1174320971966058496
https://docs.google.com/document/d/1_c5VcgiyOIrTl2E5M1gU_EAb-4piONqQEh4PSw4NUL4/edit?usp=sharing…
#MobileApp
#infosec
#pentest
#bugbounty
#cheatsheet
#resources
#Android
#ios
https://github.com/B3nac/Android-Reports-and-Resources
https://mobile-security.gitbook.io/mobile-security-testing-guide
https://github.com/ashishb/android-security-awesome
https://docs.google.com/presentation/d/1gK2vYdvwFn8r8dSawIWRRIF4yDF4qmMY2qEelS1M7rI/edit#slide=id.g9b88c175c9_0_241
https://ivrodriguez.com/tips-for-mobile-bug-bounty-hunting/