楊中皇老師 一百零五學年度第一學期 (Fall 2016)「 網際網路應用研究」參考資料:

  1. 課程大綱

  2. 國立高雄師範大學行事曆

  3. 高雄師範大學開課資料查詢系統

  4. 學校選課學生名單

  5. 教科書: Android Hacker's Handbook

  6. 參考書: Learning Pentesting for Android Devices, XDA Developers' Android Hacker's Toolkit Android Forensics

  7. Android Malware and Analysis, CRC Press, 2014.

  8. 10月20日不上課,調課到10月27日

  9. 12月29日不上課,調課到11月24日、12月1日、12月8日

  10. 10/27 *

    Chapter 1 Looking at the Ecosystem

    10/27 *

    Chapter 2 Android Security Design and Architecture

    11/3   *

    Chapter 3 Rooting Your Device

    11/10 *

    Chapter 4 Reviewing Application Security

    11/17 *

    Chapter 5 Understanding Android's Attack Surface

    11/24 *

    Chapter 6 Finding Vulnerabilities with Fuzz Testing

    12/1   劉*

    Chapter 7 Debugging and Analyzing Vulnerabilities

    12/8   黃*

    Chapter 8 Exploiting User Space Software

    12/15 *

    Chapter 9 Return Oriented Programming

    12/22 *

    Chapter 10 Hacking and Attacking the Kernel

  11. 1/5   鄭*

    A game of Droid and Mouse The threat of split-personality malware on Android

    1/5   劉*

    Checking More and Alerting Less Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting

    1/5    李*

    TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime

    1/12  *

    The Anatomy of Smartphone Unlocking

    1/12  *

    What you mark is what apps see

     

    Google’s Pixel phone event in 10 minutes, https://www.youtube.com/watch?v=p1qHV6ReJLI

  12. OWASP (Open Web Application Security Project) 台灣分會

  13. 大陸中央網絡安全和信息化領導小組,http://www.cac.gov.cn

  14. FreeBuf關注黑客與極客 http://www.freebuf.com

  15. 網路犯罪導致全球每年損失6兆億美金,網絡安全人士失業率降至零,http://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

  16. Smartphones Become Next Frontier in Cybersecurity (智慧型手機為網路空間安全的下一個新領域)

  17. Google's Introduction to Android Security, https://source.android.com/devices/tech/security/

  18. Google Report - Android security 2014 Year in Review, https://source.android.com/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf

  19. Android主要版本與使用分佈

  20. android list avd
    emulator –avd [avdname]
    adb devices
    adb shell pm list packages
    adb shell dumpsys meminfo
    adb logcat
    adb shell monkey nn
    java –jar burpsuite_free_v1.6.jar

  21. https://code.google.com/p/dex2jar/
    ./d2j-dex2jar.sh [apkname].apk
    http://jd.benow.ca/#jd-gui 
    https://ibotpeaches.github.io/Apktool/ 

  22. apktool d [app-to-decompile].apk
    apktool b app-folder/ [target-app-name].apk
    http://www.virtuous-tenstudio.com/
    adb install appname.apk

  23. https://labs.mwrinfosecurity.com/tools/drozer/
    https://github.com/SecurityCompass
     

  24. Burp Suite/Proxy, http://portswigger.net/burp/download.html 
    Charles Proxy, http://www.charlesproxy.com
    MITMProxy, http://mitmproxy.org

  25. NetworkMiner, http://www.netresec.com/?page=NetworkMiner

  26. BusyBox, https://play.google.com/store/apps/details?id=stericson.busybox

  27. XDA-Developers, http://forum.xda-developers.com

  28. The Sleuth Kit (TSK), http://www.sleuthkit.org/sleuthkit/ 
    Oxygen Suite, http://www.oxygen-forensic.com 
    Internet Evidence Finder (IEF), http://www.magnetforensics.com/software/internet-evidence-finder/

  29. Andriller, https://www.andriller.com 

  30. adb (Android Debug Bridge) How It Works, https://www.youtube.com/watch?v=0y8Xn5NfpLY

  31. adb, http://developer.android.com/tools/help/adb.html

  32. drozer, https://github.com/mwrlabs/drozer , https://www.mwrinfosecurity.com/products/drozer/community-edition/

  33. sqlite3, http://developer.android.com/tools/help/sqlite3.html

  34. SQLite Browser, http://sourceforge.net/projects/sqlitebrowser/

  35. firefox附加元件 SQLite Manager, https://addons.mozilla.org/zh-tw/firefox/addon/sqlite-manager/

  36. SuperSU, https://play.google.com/store/apps/details?id=eu.chainfire.supersu
    SuperUser, https://play.google.com/store/apps/details?id=com.koushikdutta.superuser

  37. Sony boot loader unlock: http://developer.sonymobile.com/unlockbootloader/
    HTC boot loader unlock: http://www.htcdev.com/bootloader/

  38. Smartphone Pentest Framework, https://www.youtube.com/watch?v=dwYEFeRDqio

  39. Android runtime (ART), https://source.android.com/devices/tech/dalvik/ , https://www.youtube.com/watch?v=EBlTzQsUoOw 

  40. AOSP source browsing facility, https://code.google.com/p/android-source-browsing/

  41. Android's Gerrit Code Review, https://android-review.googlesource.com/ 

  42. OWASP Mobile Security Project, https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

  43. 安卓安全中文站,http://www.droidsec.cn
     

Chapter 1 Looking at the Ecosystem

Chapter 2 Android Security Design and Architecture

Chapter 3 Rooting Your Device

Chapter 4 Reviewing Application Security

Chapter 5 Understanding Android's Attack Surface

Chapter 6 Finding Vulnerabilities with Fuzz Testing

Chapter 7 Debugging and Analyzing Vulnerabilities

Chapter 8 Exploiting User Space Software

Chapter 9 Return Oriented Programming

Chapter 10 Hacking and Attacking the Kernel

Chapter 11 Attacking the Radio Interface Layer

Chapter 12 Exploit Mitigations

Chapter 13 Hardware Attacks