Ethical Mobile Security Testing with Kali Linux (Authorized Only)

67 topics across 6 chapters

Chapter 1

Legal, ethics, and threat modeling for mobile testing

Authorization, laws, and scope (consent-first)

3 subtopics

Write a permission-to-test scope document (template + required clauses)

Evidence handling: notes, timestamps, logs, and chain-of-custody basics

Rule of engagement: only test phones you own or have explicit written permission to test

Responsible disclosure and professional ethics

1 subtopics

Create a responsible disclosure timeline and communication checklist

Threat modeling for mobile apps and devices

1 subtopics

Build a simple mobile threat model using STRIDE (assets, trust boundaries, abuse cases)

Chapter 2

Building a safe mobile testing lab (Kali + devices + tooling)

Kali/Linux fundamentals for a mobile testing workflow

2 subtopics

Linux CLI essentials: files, permissions, processes, networking commands

Install/update tools safely (apt hygiene, venv/pipx basics, snapshots/backups)

Safe mobile test environment (emulators, test devices, isolation)

3 subtopics

Set up Android Studio emulator for security testing (debuggable builds, Google APIs vs AOSP)

Prepare a dedicated Android test device (developer options, backups, safe reset plan)

iOS testing constraints overview (what is and isn’t feasible, legal/technical limits)

Traffic interception and capture setup

2 subtopics

Configure Burp Suite proxying with an Android emulator/device (Wi‑Fi + cert install)

Capture traffic with tcpdump/Wireshark (filters, TLS caveats, pcap hygiene)

Chapter 3

Networking foundations for mobile security testing

Core protocols used by phones (Wi‑Fi, TCP/IP, DNS, TLS)

2 subtopics

Explain DHCP/DNS/ARP and how misconfigurations affect mobile apps

TLS basics: certificates, trust stores, and common validation failures

Recon and scanning in a lab (authorized targets only)

2 subtopics

Use Nmap safely in a lab: host discovery, service detection, scripts (NSE) basics

Service enumeration checklist (HTTP(S), SSH, MQTT, custom ports) and documentation

Wireless security for your own network (defensive + auditing)

2 subtopics

Set up a WPA2/WPA3 lab router and verify defenses (strong PSK, WPA3, PMF, guest isolation)

Rogue AP and evil-twin risks: detection and prevention strategies

Chapter 4

Android platform security and device-level testing (authorized)

Android OS security model

2 subtopics

Permissions, sandboxing, app UID model, and SELinux (conceptual mastery)

Secure storage on Android: Keystore, encrypted prefs, databases, files (what can go wrong)

Device-level testing techniques (Android)

3 subtopics

ADB essentials for authorized testing (install, logs, file access limits, debugging)

Rooting concepts and risk tradeoffs (why not to do this on real/production devices)

Frida basics for runtime inspection (authorized apps only; hooks, tracing, common pitfalls)

Logs, diagnostics, and defensive forensics (Android basics)

2 subtopics

Collect logcat, bugreports, and crash traces safely (redaction + storage hygiene)

Basic incident response for Android devices (triage steps and containment)

Chapter 5

Mobile app and API security testing (OWASP-style methodology)

API and backend testing for mobile apps

3 subtopics

Test authN/authZ: session handling, IDOR/BOLA patterns, privilege boundaries

Abuse and rate limiting tests (brute force protection, enumeration resistance)

Input validation and injection in APIs (JSON pitfalls, SQL/NoSQL concepts, SSRF awareness)

Static analysis for mobile apps (Android focus)

2 subtopics

Use MobSF to triage an APK (find risky permissions, hardcoded secrets, trackers)

Manual code review checklist for Android apps (crypto, storage, WebView, IPC)

Dynamic analysis and runtime testing

2 subtopics

Intercept app traffic ethically: proxying workflow + certificate pinning concepts (no bypass playbooks)

↗ Frida basics for runtime inspection (authorized apps only; hooks, tracing, common pitfalls) (see Chapter 4)

Common mobile security issues + how to validate and document them

3 subtopics

OWASP MASVS/MSTG: how to map findings to requirements and tests

Insecure data storage checks (logs, caches, backups, screenshots, clipboard) + verification steps

Cryptography misuse patterns (bad randomness, ECB, broken TLS usage) and safer alternatives

Chapter 6

Reporting, remediation, and hardening

Write high-quality findings (clear reproduction and impact)

2 subtopics

Write a proof-of-concept description without providing exploit code (safe, reproducible steps)

Evidence best practices: screenshots/video, redaction, and secure storage

Risk rating and prioritization

1 subtopics

CVSS basics and how to justify severity for mobile findings

Fix verification and regression testing

1 subtopics

Create a regression test plan for each fixed issue (what to retest and why)

Hardening guidance (user, app, and org controls)

2 subtopics

Android hardening for end users (updates, app sources, permissions, backups, 2FA)

Enterprise mobile security overview (MDM, compliance baselines, app attestation concepts)