
Elevate Your Mobile Security Skills!
with Android fuzzing & exploitation secrets through 9 modules, real-world labs, and a professional certification.

Course Structure
01
Lab Setup
1 Lab Setup - Outline
00:28
1.1 Slack channel
00:18
1.2 Mobile Hacking Lab VM
01:40
1.2 Mobile Hacking Lab Cloud VM
01:45
1.3 Android NDK (only on Mac M1 / M2)
00:28
1.4 Corellium Android Device
01:16
Lab Setup
0 Pages
02
Part 1: Reverse Engineering and Fuzzing - Module 1: Introduction into Android Security
Android Architecture - Security Model - Android Sandbox - Permission - Binder IPC - SELinux & Disabling SELinux - Verified boot - OWASP Mobile Security Project
1 Introduction into Android Security
02:06
1.2 Security Model
03:42
1.3 Android Sandbox
03:56
1.4 Permission
03:33
1.4 Labs - Permissions
07:39
1.4 Labs - Permissions
1.5 Binder IPC
02:57
1.6 SELinux
04:44
1.6 Labs SELinux
05:28
1.6 Labs SELinux
1.7 Disabling SELinux
08:55
1.8 Verified boot
03:00
1.9 OWASP Mobile Security Project
05:54
Android Security Model
8 questions
03
Try out!
1.6 Labs SELinux
05:28
1.6 Labs SELinux
1.7 Labs Disabling SELinux
05:33
1.7 Labs Disabling SELinux
04
Part 1: 2.1 Introduction into ARM assembly
Introduction into ARM assembly
2.1 Introduction into ARM
07:23
2.1 Lab - Hello World in Aarch64
07:11
2.1 Hello World in Aarch64
01:52
2.2 ARM Registers
04:55
2.2 Lab - Interacting with registers
19:29
2.2 Interacting with Registers
02:58
2.3 Arm64 instruction set
08:59
2.3 Lab - Arm64 instructions
24:20
2.3 Arm64 Instructions
03:17
2.4 Arm Stack
07:03
2.4 Lab - Arm Stack
21:38
2.4 Arm Stack
02:04
2.5 ARM Calling convention
01:46
2.5 Lab Arm calling convention
08:57
2.5 Arm calling convention
02:11
2.6 Branching and condition codes
04:12
2.6 Lab Branching and condition codes
07:04
2.6 Branching and condition codes
01:39
2.7 Writing shellcode
06:58
2.7 Writing ShellCode
01:35
Lab ShellCode
Hello World in ARM64
04:43
Execve Shellcode
05:39
XOR encoded Shellcode
03:40
Bindshell
07:03
05
Part 1: Module 3: Reverse Engineering Android Native Components
3.1 Introduction into Ghidra
05:13
3.1 Introduction into Ghidra - Usage + decompiler
06:50
3.1 Introduction into Ghidra - Usage part II
06:45
3.1 Ghidra Exercise
00:29
3.2 Reverse Engineering Android Native Libraries - NDK usage
05:11
3.2 Reverse Engineering Android Native Libraries - ADB
10:31
3.2 Reverse Engineering Android Native Libraries - APK
06:25
3.2 Reverse Engineering Android Native Libraries - JADX
03:23
Lab APK analysis
3.2 Analysis of APK Exercise
00:45
3.2 Reverse Engineering Android Native Libraries - Frida ps + trace
09:31
3.2 Reverse Engineering Android Native Libraries - Frida scripts
06:43
3.2b Dynamic Instrumentation with Frida
02:14
3.3 Finding functions for fuzz harnessing
03:30
06
Part 1: Module 4: Fuzzing and Crash Analysis
4.1 Introduction into fuzzing
06:55
4.2 Dumb fuzzing vs Smart fuzzing
06:59
Fuzzing introduction quiz
6 questions
4.3 Building harnesses and fuzzing
06:23
4.4 Open source fuzzing with LLVM Libfuzzer
16:08
4.4 Libfuzzer exercise
01:05
4.4 Open source fuzzing with LLVM Libfuzzer - Libxml2 compilation
09:06
4.4 Open source fuzzing with LLVM Libfuzzer - Libxml2 execution
08:50
4.4 Libxml2 fuzzing exercise
01:01
4.4 Real World Examples - WhatsApp - Android-Gif-Drawable
06:52
4.4 Real World Examples - WhatsApp - compilation & exercise
07:01
4.4b WhatsApp fuzzing exercise
01:45
4.5 Structure Aware Fuzzing with Protobuf - Intro + Exercise 1
08:21
4.5 Structure Aware Fuzzing with Protobuf - Exercise 1
01:00
4.5 Real World Examples - Protobuf fuzzing rLottie Library
13:24
4.5b Structure Aware Fuzzing with Protobuf - rLottie Telegram exercise
02:06
4.6 Emulated Black Box Fuzzing with AFL++ & QEMU
13:11
4.6 AFL++ fuzzing exercise
01:16
4.7 Crash analysis
08:09
4.7 Crash analysis exercise
01:29
07
Part 2: Android Userland Exploitation - Module 1: Exploitation Lab Setup and Tool introduction
Introduction into Part 2: Android Userland Exploitation
02:26
1.1 Exploitation Lab Setup and Tool introduction
02:10
1.2 Introduction into gdb basics
04:56
1.2 Introduction into gdb basics
02:52
1.2 Introduction to gdb
07:17
1.2 Labs - Introduction to gdb
Basic Debugging with gdb
4 questions
1.3 Remote debugging with gdb
03:45
Debugging aarch64 Android Applications
01:55
1.4 Introduction into GEF
02:20
1.5 Dumping memory for ROP gadgets
02:12
1.5 Labs - Dumping memory for ROP gadgets
06:07
1.5 Labs - Dumping memory for ROP gadgets
1.6 Introduction into Ropper
04:51
1.6 Lab - Introduction into Ropper
08
Part 2: Module 2: Exploiting Memory Info Leaks
2 Exploiting Memory Info Leaks
01:31
2.1 Importance of info leak bugs
05:16
2.2 Leaking during debugging
04:50
2.2 labs - Leaking during debugging
04:06
Leaking during debugging
01:11
2.2 labs - Leaking during debugging
2.3 Leaking important data
01:20
2.4 Abusing info leak for ASLR Bypass
03:36
09
Part 2 Module 3: Modern Stack Overflow Exploitation (ASLR + N^X)
3 Modern Stack Overflow Exploitation
02:28
3.1 Introduction into buffer overflows
06:17
3.2 Non-Exec Stack ARM
01:44
3.3.1 Leaking Stack address
05:19
3.3.1 Lab Leaking Stack address
07:13
Leaking Stack address
01:52
3.3.1 Lab Leaking Stack address
3.3.2 Leaking Libc address
06:20
3.3.2 Lab Leaking libc address
15:39
Lab Leaking libc address
02:21
3.3.2 Lab Leaking libc address
3.3.3 Calculating base addresses
04:32
3.3.3 Lab Calculating base addresses
08:33
Lab Calculating libc base addresses
02:14
3.4 return2func attacks
05:07
3.4 Lab return2func attacks
07:35
Lab return2func attacks
02:48
3.4 Lab return2functions attacks
3.5.1 Return2Libc attacks
07:01
3.5.1 Lab Return2Libc attacks
02:48
Lab Return2Libc attacks
00:55
3.5.1 Lab return2Libc attacks
3.5.2 Debugging ROP chain
06:00
3.5.2 Lab Debugging ROP chain
26:40
Lab Debugging ROP chain
03:10
3.5.2 Lab Debugging ROP chain
3.5.3 Abusing Toybox for reverse shell
03:47
3.5.3 Lab Abusing Toybox for reverse shell
08:51
Lab Abusing Toybox for reverse shell
01:20
3.5.3 Lab Abusing Toybox for reverse shell
ROP Chaining - Remote Payload - Bonus
12:56
10
Part 2: Module 4: Exploiting Android Userland Heap Attacks
4 Exploiting Android Userland Heap Vulnerabilities
01:24
4.1 Introduction into jeMalloc
08:41
4.2 Basic heap overflow
02:01
4.3 Use-after-free exploitation
01:51
4.4 Heap grooming & Heap Spraying
01:33
4.5 jeMalloc heap exploitation
06:55
4.5.1 Connecting PwnChat
01:47
4.5.1 Lab Connecting PwnChat
03:20
Connect PwnChat
01:11
4.5.1 Lab Connect PwnChat
4.5.2 jeMalloc Heap Spraying PwnChat
03:48
4.5.2 Lab jeMalloc Heap Spraying PwnChat
05:31
jeMalloc Heap Spraying PwnChat
02:02
4.5.2 Lab jeMalloc Heap Spraying PwnChat
4.5.3 jeMalloc Bypassing ASLR with Info Leaks in PwnChat
07:26
4.5.3 Lab jeMalloc Bypassing ASLR with Info Leaks in PwnChat
14:29
jeMalloc Bypassing ASLR with Info Leaks in PwnChat
01:43
4.5.3 Lab jeMalloc Bypassing ASLR with Info Leaks in PwnChat
4.5.4 jeMalloc Triggering the bug in PwnChat
05:00
4.5.4 Lab jeMalloc Triggering the bug in PwnChat
08:12
jeMalloc Triggering the bug in PwnChat
01:11
4.5.4 Lab jeMalloc Triggering the bug in PwnChat
11
Exam
1.1 Exam Overview and Deliverables
01:03
Exam registration
1 question
12
Certificate of completion
Android Userland Fuzzing and Exploitation