Unlocking the Secrets of Android DeepLink Exploitation null Bangalore Meet 29 March 2025 Null/OWASP
Abstract
Concepts covered:
Android Terminologies
Exploiting DeepLink:
1. To load an arbitrary URL (No Host Validation)
2. To load an arbitrary URL (Weak Host Validation)
3. To steal sensitive files from Local Storage (LFI)
4. To perform Cross Site Scripting attack (XSS)
5. To perform CSRF
6. Stealing cookies to perform Account Compromise
7. Exploit DeepLink via adb
8. Exploit DeepLink via html webpage
9. Exploit DeepLink by creating android application
Speaker
Timing
Starts at Friday May 23 2025, 01:45 PM. The sessions runs for 2 months.