
Android OS - runs on smartphones and tablets

Launched in 2008

Open source

Built on top of Linux

UID - user ID
PID - process ID

Framework for Android pentesting -

OWASP Top 10 - Mobile

https://owasp.org/www-project-mobile-top-10/

NIST

Pentesting / Bug Bounty -

Pentesting - threat modeling - risk, threat and vulnerability

End-to-end secure

Amazon - checklist - OWASP

Bug Bounty - Bugcrowd / HackerOne

Abc.com - SSRF - getting paid


Attack Surface -

Ex -
Amazon app - RCE - gain access to internal system

Identifying the entry points of an application from where a malicious user or an attacker could get into the system or the application.

3 Types of Attack Surface -

Client side -
These are the vulnerabilities or issues that affect the end user of a particular application.

Eg - Flipkart - login - email/password - logged in

- cookie stealing, session fixation

Server side -
These are the vulnerabilities or issues that occur at the runtime of the application.

For eg - SQL injection, RCE, SSRF

Logical Issues / Business -

These are the issues or vulnerabilities that affect the business logic of an application.

For eg - Amazon - discount - 1 coupon - one time per user - more than 1 time - affecting
250 off

Android Lab Environment -

1. Emulator or physical device
2. ADB

Emulator - Genymotion or Android Studio

Appie -
https://sourceforge.net/projects/appiefiles/

Emulator -
https://www.genymotion.com/download/

Android OS - Santoku
Mobexler
Tamer

ADB - Android Debug Bridge

C:\Appie\bin\adt\sdk\platform-tools

adb devices
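
An added example, not part of the original notes: a shell helper that reads the output of adb devices and separates devices that are ready for testing from those reported as offline or unauthorized. The sample output and serials are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify the rows printed by `adb devices`.
# SAMPLE is constructed output, not captured from a real host.
# Genymotion instances normally appear as <ip>:5555.
SAMPLE=$(printf '%s\n' \
    'List of devices attached' \
    "$(printf '192.168.56.101:5555\tdevice')" \
    "$(printf 'emulator-5554\toffline')" \
    "$(printf '0123456789ABCDEF\tunauthorized')")

# Print "serial state" for each device row.
# Device rows are tab-separated; the header, blank lines and
# "* daemon ..." notices contain no tab and are skipped.
parse_adb_devices() {
    awk -F'\t' 'NF >= 2 && $1 !~ /^\*/ { print $1, $2 }'
}

# Serials that are usable for testing (state "device").
ready_devices() {
    parse_adb_devices | awk '$2 == "device" { print $1 }'
}

# One line of guidance for each attached device that is not usable.
explain_problems() {
    parse_adb_devices | awk '
        $2 == "unauthorized" { print $1 ": accept the USB debugging prompt on the device" }
        $2 == "offline"      { print $1 ": not responding, restart the emulator or reconnect" }'
}

# Demo on the constructed sample.
# On a lab machine use: adb devices | ready_devices
echo "Ready:"
printf '%s\n' "$SAMPLE" | ready_devices
echo "Needs attention:"
printf '%s\n' "$SAMPLE" | explain_problems
```
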

Open GApps - to download Google packages - Play Store

ARM translator -
https://github.com/m9rco/Genymotion_ARM_Translation/tree/master
x86 native - 64
