Beginners Guide - Think Like, and Act Like A Hacker To Secure Your Own System

For educational purpose only!


Disclaimer: This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. When I say beginners, I expect you to have knowledge of some programming language (Java, Kotlin, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions.


Requirements:

What is Reverse Engineering?



Reverse engineering is a process is breaking something down to understand it, build a copy or improve it. This process can be applied to hardware, software, databases or even human DNA.

Reverse engineering can be used for many purposes such as a learning tool or to expose security flaws and bad practices.

Reverse engineering of a software, hardware or database are legal unless the EULA prohibits it, then it is prohibited no matter what. Also beware of Digital Millennium Copyright Act (DMCA) and Google Play Console Developer Program Policy.


Think Like A Hacker, Mindset


You have in-app purchases but someone published a full paid version of your app for free? YOUR APP WAS PIRATED, HOW IS IT EVEN POSSIBLE?!

You need to to think like a hacker.

I believe that to protect your own system, you need to think like as an adversary or "think like a hacker".

This mindset is necessary to know how to response to an actual attack, know the tools, techniques and goals of a hacker. You need to study past attacks, common patterns attackers follow to tamper a build or compromise a system or network.

Example attack:

  • A mobile apps store informations they obtained from their server in a variable and use this in an if-else condition to determine if the user account can access premium content. The hacker can then alter this variable to build a full paid version of your app.
  • Look for connection properties such as api endpoints, api credentials, and network traffic. Then they can use curl terminal tool to modify the backend databases. This only works if the backend-api do not validate their clients.
  • Stealing sensitive informations.

Get Inside, and Attack

The best way to learn hacking is to practice hacking.

It's hard to find a hacking crash course since its generally illegal. For educational purpose, I want you to go to my repo and do the task such as tamper the build to steal login credentials -> https://bitbucket.org/ron_ang/hack-one/src/master/


Securing Your Mobile Apps

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, their goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation. Visit https://owasp.org/www-project-mobile-security/ to learn more.

Comments

Post a Comment

Popular posts from this blog

CTF Practice - Reverse Engineering Android Apps 101

Image
Introduction On this blog we will crack some real world unsecured Android applications. For educational purpose only! Disclaimer:  This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. I expect you to have knowledge of some programming language (Java, Kotlin, C/C++, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions. Environment : OpenJDK 8 Android Studio SDK Visual Studio Code IDE with APKLab Reverse Engineering Android Apps - DEX Bytecode The goal of this exercise is to crack a real world Android apps to bypass the verification code to become a premium user. Step 0x1 Download the Apk . Step 0x2 Decompile the APK with Visual Studio Code. Step 0x3 Examine the manifest. We see that it only have one activity. Step 0x4 Look for if-else co...
Read more

Real-world Applications of Computer Programming

Image
Computer programming is the process of creating instructions for a computer to follow. It is a skill that is in high demand, and it can be used to create a wide variety of applications, from simple websites to complex artificial intelligence systems. Here are some specific examples of the real-world applications of computer programming: Healthcare: Computer programming is used to develop medical devices, electronic health records systems, and other healthcare-related software. For example, programmers have developed pacemakers that can regulate a person's heartbeat, insulin pumps that can automatically deliver insulin to diabetics, and imaging systems that can help doctors diagnose diseases. Finance: Computer programming is used to develop trading software, risk management systems, and other financial software. For example, programmers develop software that can help banks and other financial institutions assess risk and make investment decisions. Manufacturing: Computer programming...
Read more

Strengths and Weaknesses of iOS & Android

In the ever-evolving landscape of mobile technology, two giants stand at the forefront: iOS and Android. Each operating system boasts its own set of strengths and weaknesses, catering to different preferences and priorities of users worldwide. Let’s delve into the intricacies of both platforms to understand their distinct qualities. iOS: Unmatched Integration and Security iOS, the proprietary operating system developed by Apple, is renowned for its seamless integration of hardware and software. This cohesion ensures a consistently smooth user experience across various Apple devices such as the iPhone, iPad, and iPod Touch. The meticulous optimization of iOS for Apple’s hardware enhances performance and reliability, setting a high standard for user satisfaction. One of iOS’s standout features is the unparalleled quality of its applications. The rigorous review process enforced by Apple before apps are accepted into the App Store ensures a level of quality and security that users can tru...
Read more