Скачать или смотреть Oracle - LIVE MOBILE BUG BOUNTY (RECON #1)

Oracle Municipal Code Officer - Android App

In this video I will only show the initial reconnaissance stage that I usually do (personally and with my methods) when I do intrusion tests to Mobile Apps.

Today you will not see any exploit, nor any kind of exploitation of a vulnerability because it is only RECOGNITION.

Unfortunately, the next video will also be about recognition.

But already in the third one (and after its patching and Oracle's authorization) you will be able to see an exploit (if I find it (I will)).

00:00 - Intro
00:30 - Internal Storage (Sandbox) Analysis
02:15 - Behavior Analysis
04:47 - Internal Storage (Sandbox) Analysis 2
07:46 - APK Extraction
08:45 - Unpacking APK
09:00 - Inspecting Content Providers & URLs
09:50 - Inspecting Cordova Assets (JavaScript Code)
14:05 - Decompiling APK (JADX) & AndroidManifest.xml Analysis
21:27 - Source Code & Behavior Analysis (Logs)
37:21 - Internal Storage (Sandbox) Analysis 3
38:33 - Source Code & Behavior Analysis (Logs) 2
43:01 - Resources Analysis
44:26 - End