PENTESTING ANDROID APPS BUG BOUNTY 2.0

Broader the Scope, Better the Bounties.

Experience it with Bug Bounty 2.0!

2021/04/01 20:00:00

Register before April 14, 2021 to unlock exciting bonuses. Workshop starts on: 1st April

How does Bug Bounty 2.0 work?

Bug Bounty 2.0 is a LIVE hands-on workshop designed especially for learning Android application penetration testing. Because bug bounty hunting is competitive, this workshop focuses on expanding the scope of your bug bounty hunting and improving your chances of earning higher bounties.

There are a total of 3 modules, with daily live sessions plus live Q&A, a live test, and a live bug hunting session on the last day to end the workshop with a bang. You will get access to a total of 10 hours of content throughout this workshop.

Live Sessions

Every day you’ll be invited to a live session where you’ll learn and perform hands-on practicals for Android application penetration testing.

Live Test

A live test will be conducted on the last day of this workshop to make you feel more confident before you attempt to pentest real-world applications.

Live Bug Hunting

On the last day, a live bug hunting session will be conducted on multiple applications to help you understand the real approach with real experience.

Who can attend Bug Bounty 2.0?

  • v1.0 Participants: Yes, as 2.0 is an extension to the previous workshop.
  • Students: This workshop is not only for college students; it is designed so that even school students can understand it. No coding knowledge is required to get started.
  • Professionals: Whether you are a Security Aspirant, Developer or a QA Tester, you cannot be limited to what you are doing. Add a new feather to your cap by learning OWASP Top 10 Mobile Application Security Vulnerabilities.
  • Freelancers: Enhance your service catalogue by adding Android Application Security Testing to the list.
  • Trainers: As a trainer, you always need to update yourself to the latest technology and trends. Why miss this chance?

What You Will Learn in Over 4 Value Packed Days

The 4-day workshop is designed to expand your bug bounty hunting scope by finding security vulnerabilities in Android applications and reporting them to the concerned companies. All this comes along with live demonstrations, hands-on practicals, live Q&A, a live test, live bug hunting and much more!

  • Mobile Device Overview
  • Risks Associated with the Data Stored on Mobile Device
  • Introduction to OWASP Mobile Top 10 Project
  • OWASP Mobile Top 10 2014
  • OWASP Mobile Top 10 2016
  • OWASP Mobile Top 10 2014 vs 2016
  • Android Architecture
  • Android Security Model
  • Application Isolation
  • Secure IPC
  • Application Lifecycle
  • APK Generation
  • What’s inside an APK?
  • Components of APK
  • Android Permission Model
  • Application Signing
  • Application Verification
  • Application Sandbox
  • App Permissions
  • UI Input
  • Network
  • IPC
  • External Storage
  • Internal Storage
  • Structure of AndroidManifest.xml file
  • Understanding AndroidManifest.xml file
  • Identifying security issues
  • Leveraging it for further static & dynamic analysis
  • List of Tools to be installed
  • Brief understanding of tools
  • Android Pentesting Distros
  • Alternative & Easy Way to setup the lab quickly without any distros
  • Reverse Engineering
  • Analyzing Permissions through AndroidManifest.xml
  • Insecure Hardcoding – API Keys Leakage
  • Insecure Hardcoding – Authentication Token
  • Insecure Hardcoding – Internal IP Disclosure
  • Insecure Hardcoding – Embedded Third-Party Secrets
  • Insecure Hardcoding – Sensitive Information Disclosure
  • Clear text data in Logs
  • Risky Java APIs
  • Weak Hashing Algorithm
  • Predictable Random Number Generator
  • Weak Encryption Implementation
  • Weak Initialization Vector
  • Weak Encoding
  • Usage of banned API functions
  • Cleartext SQLite database
  • Temp File Creation
  • Android Pasteboard vulnerability
  • Android keyboard cache issues
  • Android Backup Vulnerability
  • Insecure SDCard storage
  • Developer Backdoor
  • Insecure HTTP Connection
  • Setting up Burp Suite
  • Untrusted CA Acceptance
  • Certificate Pinning
  • SQL Injection
  • Local File Inclusion
  • Cross Site Scripting
  • HTML Injection
  • Application Level Denial of Service (DoS) Attack
  • Session Misconfigurations
  • Weak Authorization Mechanism
  • Intent Sniffing and Injection
  • Flawed Broadcast Receiver
  • Exploiting Debuggable Apps
  • Introduction to Frida – A Dynamic Instrumentation Toolkit
  • Setting up Frida Server
  • Setting up Frida CLI
  • Root Detection bypass
  • Certificate Pinning bypass
  • Playing with Frida Scripts
  • Runtime Mobile Security
  • Automating Frida
  • Automated Static, Dynamic & Runtime Analysis

Register before midnight of April 14, 2021

To unlock the bonuses

  • Bonus 1: Curated List of Mobile Apps in scope of Bug Bounty Program
  • Bonus 2: Live Bug Hunting on Real Apps
  • Bonus 3: Vulnerability Report Template
  • Bonus 4: Participation Certificate

Btw, you are not the first to take my Workshop

More than 7000 people have taken my Workshops. So trust me, you won’t be disappointed 😁

Before you ask for it

Here is some proof. I have recorded a quick video unveiling the #1 Career Skill and a few of my bug bounties too. 🙂

About the Trainer – Smit Shah

Smit Shah, a young and dynamic personality, is a hacker by profession and an entrepreneur by heart. As Co-founder & CEO of eSecurify, he is securing 72+ Indian co-operative banks and 50+ SaaS and online businesses across the globe. He started doing bug bounty in 2013 when he was in college. He was acknowledged as “Most Valued Hacker” by HackerOne in 2016. He is also a proud member of the Synack Red Team. As training is his passion, he is all set with a new mission: to train thousands of students and form a private community of bug bounty hunters, in order to start a first-of-its-kind Indian private bug bounty platform that secures SMEs at an affordable cost and helps the members of the community learn and earn.

Acknowledged & Rewarded by Some of the Cyber Security Companies

I have been Featured in

Frequently Asked Questions ( FAQ )

I have tried my best to answer all the frequently asked questions. If you still have more questions, please email [email protected] (give us 6 hours to respond). My awesome support team will get back to you 🙂

When does the workshop start?

The workshop starts on 1st April and ends on 4th April 2021.

Will this be live or pre-recorded?

This is going to be a 100% LIVE workshop.

What are the timings?

Every evening from 08:00 to 10:00 PM IST. On Sunday, i.e. 4th April 2021, the timing will be from 06:00 to 10:00 PM IST.

I have a full time job, not sure if I can make it. Will you be sharing recordings?

Yes, the recorded videos will be added to your account so that you can watch them later.

Would there be any certificate on completion?

Yes, we will provide you with a certificate of completion at the end of the workshop.

Will I be able to make a lot of money after this workshop?

Yes, but the key is rigorous practice with endless dedication to learn, earn and grow.

Do you have an affiliate program?

No, but you may write to [email protected] if you are interested.

I made the payment but didn’t receive any email

Please write an email to [email protected] with your transaction ID.

When can I receive the bonus?

The bonuses will be unlocked at the end of the workshop.

Why is it 100$ for non-Indians?

The workshop is heavily underpriced, keeping in mind Indian spending capacity. So everyone who is not residing in India (Indian or not) will be charged 100$. This is still heavily underpriced considering the value given away in the workshop.