楊中皇老師 一百零六學年度第一學期 (Fall 2017) 「 行動安全研究」參考資料:

  1. 課程大綱

  2. 國立高雄師範大學行事曆

  3. 高雄師範大學開課資料查詢系統

  4. 學校選課學生名單

  5. 教科書: Hacking Android

  6. 參考書: Android Security Internals

  7. 參考書: Android Hacker's Handbook

  8. 參考書: Learning Pentesting for Android Devices, XDA Developers' Android Hacker's Toolkit Android Forensics

  9. Google's Introduction to Android Security, https://source.android.com/devices/tech/security/

  10. Faux Disk Encryption: Realities of Secure Storage on Mobile Devices。https://www.youtube.com/watch?v=IqdSv-o2UCk

  11. The Android Security Jungle: Pitfalls, Threats & Survival Tips, https://www.youtube.com/watch?v=18tn_mF4XRg

  12. Android N for Developers, https://developer.android.com/preview/api-overview.html

  13. Try Android N Developer Preview for Sony Xperia™ Z3, https://developer.sony.com/develop/smartphones-and-tablets/android-n-developer-preview/

  14. Nexus 安全性公告 — 2016年2月

  15. Black Hat USA 2015 - Android Security State Of The Union, https://www.youtube.com/watch?v=aBWh7izacqg

  16. Android Security 2015 Year In Review, http://static.googleusercontent.com/media/source.android.com/zh-TW//security/reports/Google_Android_Security_2015_Report_Final.pdf

  17. Android Security 2015 Year in Review, https://www.youtube.com/watch?v=ydBMH_W31Ls

  18. First Preview of Android N: Developer APIs & Tools, http://android-developers.blogspot.tw/2016/03/first-preview-of-android-n-developer.html

  19. Google Report - Android security 2014 Year in Review, https://source.android.com/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf

  20. Android主要版本與使用分佈

  21. android list avd
    emulator –avd [avdname]
    adb devices
    adb shell pm list packages
    adb shell dumpsys meminfo
    adb logcat
    adb shell monkey nn
    java –jar burpsuite_free_v1.6.jar

  22. https://code.google.com/p/dex2jar/
    ./d2j-dex2jar.sh [apkname].apk
    http://jd.benow.ca/#jd-gui 
    https://code.google.com/p/android-apktool/downloads/list 

  23. apktool d [app-to-decompile].apk
    apktool b app-folder/ [target-app-name].apk
    http://www.virtuous-tenstudio.com/
    adb install appname.apk

  24. https://labs.mwrinfosecurity.com/tools/drozer/
    https://github.com/SecurityCompass
     

  25. Burp Suite/Proxy, http://portswigger.net/burp/download.html 
    Charles Proxy, http://www.charlesproxy.com
    MITMProxy, http://mitmproxy.org

  26. NetworkMiner, http://www.netresec.com/?page=NetworkMiner

  27. BusyBox, https://play.google.com/store/apps/details?id=stericson.busybox

  28. XDA-Developers, http://forum.xda-developers.com

  29. The Sleuth Kit (TSK), http://www.sleuthkit.org/sleuthkit/ 
    Oxygen Suite, http://www.oxygen-forensic.com 
    Internet Evidence Finder (IEF), http://www.magnetforensics.com/software/internet-evidence-finder/

  30. Andriller, https://www.andriller.com 

  31. adb (Android Debug Bridge) How It Works, https://www.youtube.com/watch?v=0y8Xn5NfpLY

  32. adb, http://developer.android.com/tools/help/adb.html

  33. drozer, https://github.com/mwrlabs/drozer , https://www.mwrinfosecurity.com/products/drozer/community-edition/

  34. sqlite3, http://developer.android.com/tools/help/sqlite3.html

  35. SQLite Browser, http://sourceforge.net/projects/sqlitebrowser/

  36. firefox附加元件 SQLite Manager, https://addons.mozilla.org/zh-tw/firefox/addon/sqlite-manager/

  37. SuperSU, https://play.google.com/store/apps/details?id=eu.chainfire.supersu
    SuperUser, https://play.google.com/store/apps/details?id=com.koushikdutta.superuser

  38. Sony boot loader unlock: http://developer.sonymobile.com/unlockbootloader/
    HTC boot loader unlock: http://www.htcdev.com/bootloader/

  39. Smartphone Pentest Framework, https://www.youtube.com/watch?v=dwYEFeRDqio

  40. Android runtime (ART), https://source.android.com/devices/tech/dalvik/ , https://www.youtube.com/watch?v=EBlTzQsUoOw 

  41. AOSP source browsing facility, https://code.google.com/p/android-source-browsing/

  42. Android's Gerrit Code Review, https://android-review.googlesource.com/ 

  43. OWASP Mobile Security Project, https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

  44. 安卓安全中文站,http://www.droidsec.cn

Chapter 1: SETTING UP THE LAB
Chapter 2: ANDROID ROOTING
Chapter 3: FUNDAMENTAL BUILDING BLOCKS OF ANDROID APPS
Chapter 4: OVERVIEW OF ATTACKING ANDROID APPS
Chapter 5: DATA STORAGE AND ITS SECURITY
Chapter 6: SERVER-SIDE ATTACKS
Chapter 7: CLIENT-SIDE ATTACKS – STATIC ANALYSIS TECHNIQUES
Chapter 8: CLIENT-SIDE ATTACKS – DYNAMIC ANALYSIS TECHNIQUES
Chapter 9: ANDROID MALWARE
Chapter 10: ATTACKS ON ANDROID DEVICES