安卓黑客手册（影印版英文版）

作者: Srinivasa 著 , Rao 著 , Kotipalli 著 , Mohammed 著 , A.Imran 著

出版社: 东南大学出版社

出版时间: 2017-10

版次: 1

ISBN: 9787564173623

定价: 82.00

装帧: 平装

开本: 16开

纸张: 胶版纸

页数: 353页

字数: 460千字

正文语种: 英语

分类: 计算机与互联网

6 张插图图片

7人买过

　　随着安卓移动手机数量在全球范围内的爆炸性增长，移动设备已经成为了我们日常生活中不可缺少的二部分。安卓设备的安全性是一个广泛的话题，同样应该纳入到日常生活中，为了抵御日益猖獗的智能手机攻击，从终端用户到开发人员和安全专家，所有人都应当关注安卓的安全性。
　　《安卓黑客手册（影印版英文版）》将一步步带你学习安卓安全。首先是一些*基础的内容，然后逐渐会接触到安卓提权、应用程序安全评定、恶意软件、APK文件感染以及模糊测试这些概念。在这个过程中，你将学会各种可用于日常渗透测试的工具和技术。你*终会获得进行安卓应用脆弱性评定以及渗透测试所需要的技能，创建出一个安卓渗透测试实验室。　　Srinivasa Rao Kotipalli (@sriniOx0 0) is a security researcher from India. He has extensive hands-on experience in performing web application, infrastructure, and mobile security assessments. He worked as a security consultant at Tata Consultancy Services India for two and a half years and later join9d a start-up in Malaysia. He has delivered training sessions on web, infrastructure, and mobile penetrahon testing for organizations across the world, in countries such as India, Malaysia, Brunei, and Vietnam. Through responsible disclosure programs, he has reported vulnerabilities in many top-notch orgaruzations. He holds a bachelor's degree in information technology and is OSCP certified. He blogs at www. androidpentesting . com and www.infosecinstitute.com.
　　
　　Mohammed A.Imran (@secfigo) is an experienced application security engineer and the founder of null Singapore and null Hyderabad. With more than 6 years of experience in product security and consulting, he spends most of his time on penetration testing, vulnerability assessments, and source code reviews of web and mobile applications. He has helped telecom, banking, and software development houses create and maintain secure SDLC programs. He has also created and delivered training on application security and secure coding practices to students, enterprises, and government orgaruzations. He holds a master's degree in computer science and is actively involved in the information security community and organizes meetups regularly. Preface

Chapter 1： Setting Up the Lab
installing the required tools
Java
Android Studio
Setting up an AVD
Real device
Apktool
Dex2jar/JD-GUI
Burp Suite
Configuring the AVD
Drozer
Prerequisites
QARK (No support for windows)
Getting ready
Advanced REST Client for Chrome
Droid Explorer
Cydia Substrate and Introspy
SQLite browser
Frida
Setting up Frida server
Setting up frida-client
Vulnerable apps
Kali Linux
ADB Primer
Checking for connected devices
Getting a shell
Listing the packages
Pushing files to the device
Pulling files from the device
Installing apps using adb
Troubleshooting adb connections
Summary

Chapter 2： Android Rooting
What is rooting?
Why would we root a device?
Advantages of rooting
Unlimited control over the device
Installing additional apps
More features and customization
Disadvantages of rooting
It compromises the security of your device
Bricking your device
Voids warranty
Locked and unlocked boot loaders
Determining boot loader unlock status on Sony devices
Unlocking boot loader on Sony through a vendor specified method
Rooting unlocked boot loaders on a Samsung device
Stock recovery and Custom recovery
Prerequisites
Rooting Process and Custom ROM installation
Installing recovery softwares
Using Odin
Using Heimdall
Rooting a Samsung Note 2
Flashing the Custom ROM to the phone
Summary

Chapter 3： Fundamental Building Blocks of Android Apps
Basics of Android apps
Android app structure
How to get an APK file?
Storage location of APK files
/data/app/
/system/app/
/data/app-private/
Android app components
Activities
……

Chapter 4： Overview of Attacking Android Apps
Chapter 5： Data Storage and Its Security
Chapter 6： Sewer-Side Attacks
Chapter 7： Client-Side Attacks - Static Analysis Techniques
Chapter 8： Client-Side Attacks - Dynamic Analysis Techniques
Chapter 9： Android Malware
Chapter 10： Attacks on Android Devices

Index
内容简介:
　　随着安卓移动手机数量在全球范围内的爆炸性增长，移动设备已经成为了我们日常生活中不可缺少的二部分。安卓设备的安全性是一个广泛的话题，同样应该纳入到日常生活中，为了抵御日益猖獗的智能手机攻击，从终端用户到开发人员和安全专家，所有人都应当关注安卓的安全性。
　　《安卓黑客手册（影印版英文版）》将一步步带你学习安卓安全。首先是一些*基础的内容，然后逐渐会接触到安卓提权、应用程序安全评定、恶意软件、APK文件感染以及模糊测试这些概念。在这个过程中，你将学会各种可用于日常渗透测试的工具和技术。你*终会获得进行安卓应用脆弱性评定以及渗透测试所需要的技能，创建出一个安卓渗透测试实验室。
作者简介:
　　Srinivasa Rao Kotipalli (@sriniOx0 0) is a security researcher from India. He has extensive hands-on experience in performing web application, infrastructure, and mobile security assessments. He worked as a security consultant at Tata Consultancy Services India for two and a half years and later join9d a start-up in Malaysia. He has delivered training sessions on web, infrastructure, and mobile penetrahon testing for organizations across the world, in countries such as India, Malaysia, Brunei, and Vietnam. Through responsible disclosure programs, he has reported vulnerabilities in many top-notch orgaruzations. He holds a bachelor's degree in information technology and is OSCP certified. He blogs at www. androidpentesting . com and www.infosecinstitute.com.
　　
　　Mohammed A.Imran (@secfigo) is an experienced application security engineer and the founder of null Singapore and null Hyderabad. With more than 6 years of experience in product security and consulting, he spends most of his time on penetration testing, vulnerability assessments, and source code reviews of web and mobile applications. He has helped telecom, banking, and software development houses create and maintain secure SDLC programs. He has also created and delivered training on application security and secure coding practices to students, enterprises, and government orgaruzations. He holds a master's degree in computer science and is actively involved in the information security community and organizes meetups regularly.
目录:
Preface

Chapter 1： Setting Up the Lab
installing the required tools
Java
Android Studio
Setting up an AVD
Real device
Apktool
Dex2jar/JD-GUI
Burp Suite
Configuring the AVD
Drozer
Prerequisites
QARK (No support for windows)
Getting ready
Advanced REST Client for Chrome
Droid Explorer
Cydia Substrate and Introspy
SQLite browser
Frida
Setting up Frida server
Setting up frida-client
Vulnerable apps
Kali Linux
ADB Primer
Checking for connected devices
Getting a shell
Listing the packages
Pushing files to the device
Pulling files from the device
Installing apps using adb
Troubleshooting adb connections
Summary

Chapter 2： Android Rooting
What is rooting?
Why would we root a device?
Advantages of rooting
Unlimited control over the device
Installing additional apps
More features and customization
Disadvantages of rooting
It compromises the security of your device
Bricking your device
Voids warranty
Locked and unlocked boot loaders
Determining boot loader unlock status on Sony devices
Unlocking boot loader on Sony through a vendor specified method
Rooting unlocked boot loaders on a Samsung device
Stock recovery and Custom recovery
Prerequisites
Rooting Process and Custom ROM installation
Installing recovery softwares
Using Odin
Using Heimdall
Rooting a Samsung Note 2
Flashing the Custom ROM to the phone
Summary

Chapter 3： Fundamental Building Blocks of Android Apps
Basics of Android apps
Android app structure
How to get an APK file?
Storage location of APK files
/data/app/
/system/app/
/data/app-private/
Android app components
Activities
……

Chapter 4： Overview of Attacking Android Apps
Chapter 5： Data Storage and Its Security
Chapter 6： Sewer-Side Attacks
Chapter 7： Client-Side Attacks - Static Analysis Techniques
Chapter 8： Client-Side Attacks - Dynamic Analysis Techniques
Chapter 9： Android Malware
Chapter 10： Attacks on Android Devices

Index