Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

The player is loading ...

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Joel’s HackerOne Android Hacking Introduction:

https://t.ly/f87D

Android Pixel Lock Screen Bypass

https://t.ly/Q_qq

Exploiting Deeplink URLs:

https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.html

Joel’s get_schemas tool:

https://github.com/teknogeek/get_schemas

Example AndroidManfest.xml we referenced:

https://t.ly/mcN1

https://t.ly/ErVV

Android docs for intent filters:

https://developer.android.com/guide/components/intents-filters.html

Android docs for “setAllowContentaccess”:

https://t.ly/hXOZ

Android docs for “setAllowFileAccess”:

https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)

Add JavaScript Interface to Webview:

https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String)

Joel’s SSL Pinning Bypass:

https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725

Google Chrome Docs for Intent URLs:

https://developer.chrome.com/docs/multidevice/android/intents/#considerations

Joel’s Bug Bounty Report:

https://hackerone.com/reports/423467

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Listen On

Recent Episodes