When performing a penetration test on an Android or iOS application the developer can implement what are called binary protections that hinder an attacker from easily analysing an application. Some of the more common protections are SSL pinning, code obfuscation…

Frida is a great toolkit by @oleavr, used to build tools for dynamic instrumentation of apps in userspace. It is often used, like Substrate, Xposed and similar frameworks, during security reviews of mobile applications.
Typically rooted Android devices are…

SANS Penetration Testing blog pertaining to Modifying Android Apps: A SEC575 Hands-on Exercise, Part 1

This is a curated list of mobile based CTFs, write-ups and vulnerable apps. Most of them are android based due to the popularity of the platform. - xtiankisutsa/awesome-mobile-CTF

Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities - dineshshetty/Android-InsecureBankv2

Mobile phones have become an indispensable part of our daily life. We use mobile phones to communicate with our loved ones, for quick access to information through the Internet, to make transaction…

Due to technical difficulties, the entirety of this video is unavailable. However, a PDF of the slides can be found at the MWR Infosecurity website: https://...

This is Swaroop Yermalkar's presentation from Bugcrowd's LevelUp 2017 conference. Learn how to get started with iOS app hacking & penetration testing, with OWASP iGoat!

Have a question? Ask it on the Bugcrowd forum: http://bgcd.co/2tZIr7I

Join Bugcrowd…