Explore advanced Android bug bounty techniques in this 51-minute conference talk from Bugcrowd's LevelUp 2017. Dive into commonly overlooked mobile vulnerability areas, including the Android Inter Process Communication (IPC) model and how implementation flaws can lead to code execution on non-rooted devices. Learn how to leverage web application hacking skills in mobile bug bounties, focusing on embedded JavaScript, JavaScript-enabled activities, and authentication/authorization techniques. Discover insights on external storage vulnerabilities, package installation, obfuscation, crypto identification, WebView options, JavaScript interfaces, MITM proxy setup for mobile, services, activities, broadcast receivers, and exploiting exported components. Gain practical knowledge through examples, including the CVE-2013-6271 vulnerability, and learn how to identify and exploit various Android security weaknesses to enhance your bug bounty skills.
Advanced Android Bug Bounty Skills - Ben Actis, Bugcrowd's LevelUp 2017
Overview
Syllabus
Intro
Outline
Check /assets and /res/raw
Little things left in assets :
External Storage: Google Advice
External Storage Code Example
Installing Packages
Detecting reads/writes to external storage
Obfuscation
If it looks like a duck
Identifying crypto
Easy way to get decrypted values
Webview options
Javascript interfaces
Quick mitm proxy setup for mobile
What is a service
How one activity starts another
Starting a service
Broadcast Receiver #1
Dozer Tutorial
Intent receivers Fail example
Intent receiver fail
Abusing exported activities CVE-2013-6271
Abusing Services
Stop the service :
Splitting the parameter
Changing system properties :
Taught by
Bugcrowd
