Beginners Guide - Think Like, and Act Like A Hacker To Secure Your Own System

For educational purpose only!


Disclaimer: This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. When I say beginners, I expect you to have knowledge of some programming language (Java, Kotlin, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions.


Requirements:

What is Reverse Engineering?



Reverse engineering is a process is breaking something down to understand it, build a copy or improve it. This process can be applied to hardware, software, databases or even human DNA.

Reverse engineering can be used for many purposes such as a learning tool or to expose security flaws and bad practices.

Reverse engineering of a software, hardware or database are legal unless the EULA prohibits it, then it is prohibited no matter what. Also beware of Digital Millennium Copyright Act (DMCA) and Google Play Console Developer Program Policy.


Think Like A Hacker, Mindset


You have in-app purchases but someone published a full paid version of your app for free? YOUR APP WAS PIRATED, HOW IS IT EVEN POSSIBLE?!

You need to to think like a hacker.

I believe that to protect your own system, you need to think like as an adversary or "think like a hacker".

This mindset is necessary to know how to response to an actual attack, know the tools, techniques and goals of a hacker. You need to study past attacks, common patterns attackers follow to tamper a build or compromise a system or network.

Example attack:

  • A mobile apps store informations they obtained from their server in a variable and use this in an if-else condition to determine if the user account can access premium content. The hacker can then alter this variable to build a full paid version of your app.
  • Look for connection properties such as api endpoints, api credentials, and network traffic. Then they can use curl terminal tool to modify the backend databases. This only works if the backend-api do not validate their clients.
  • Stealing sensitive informations.

Get Inside, and Attack

The best way to learn hacking is to practice hacking.

It's hard to find a hacking crash course since its generally illegal. For educational purpose, I want you to go to my repo and do the task such as tamper the build to steal login credentials -> https://bitbucket.org/ron_ang/hack-one/src/master/


Securing Your Mobile Apps

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, their goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation. Visit https://owasp.org/www-project-mobile-security/ to learn more.

Comments

Post a Comment

Popular posts from this blog

How To Check If Your Android Phone Is Official Or Rooted

Image
You are probably here because you're uncertain if your phone has been rooted or official. This blog posts will tell you several ways to check if your phone is rooted (tampered). Usually Android phone manufacturers are putting restrictions to what the users can do and install on their phone. Some people break those restrictions by rooting the device. Android is a modified Linux kernel, so rooting the device will give the user an access to administrative permissions or super user. A rooted device are open to many security risks. A rooted device will not be able to receive software updated via OTA. Use My Root Checker App I have an app that can check if your phone has indication of root (meaning the phone has been tampered). All you have to do is to click on the Google Play badge below, install and open the app on your phone! My root checker app is less than 3mb and it has simple UI. Use The Phone Settings Simply go to your phone settings and search for 'device status&#
Read more

Android Reverse Engineering - Beginners Guide To Smali Coding

Presenting to you a beginners guide to reverse engineer an Android applications. Please use this for learning purposes only. Do not break intellectual properties. Disclaimer: This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. When I say beginners, I expect you to have knowledge of some programming language (Java, Kotlin, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions. What is Reverse Engineering? Reverse engineering is a process is breaking something down to understand it, build a copy or improve it. This process can be applied to hardware, software, databases or even human DNA. Reverse engineering can be used for many purposes such as a learning tool
Read more

Conquering macOS Upgrades: A Guide for iOS App Developers

Every new macOS update sparks a mix of excitement and trepidation for iOS developers. Sure, there are shiny new features and performance improvements, but lurking beneath the surface might be compatibility gremlins and unforeseen quirks. Fear not, brave coders! With this guide, you'll be navigating macOS upgrades like a seasoned pro, ensuring your apps continue to shine. 1. Xcode & the SDK Tango: First things first: update Xcode . It's the maestro orchestrating your app's development symphony, and keeping it current ensures compatibility with the latest macOS magic. Head to the App Store's Updates tab and let the conductor take its rightful place. Next, grab the newest iOS SDK . Think of it as the sheet music your app dances to. Open Xcode, navigate to Preferences > Locations, and check the "Command Line Tools" box before hitting "Download. " Now, your app has the moves to impress on the latest stage. 2. Compatibility Che
Read more