Security for everyone

eLearnSecurity - eMAPT Certification and Course Review

SecurityForEveryone

Security for Everyone

12/Apr/22

This review will include the course process, labs, exam, and exam result evaluation. In addition, I will cover course materials, lab cases, support communication, exam questions, and exam result evaluation during the review.

Course Materials - Android

Android Architectures: If you're starting in this field and don't have much experience yet, this section might be a heavy start. But please don't get discouraged. Remember, this course is trying to prepare you for the best. This section contains information about how the Android operating system works and its similarities and differences with a standard Linux operating system.

Setting up a testing environment: ​​This section is shorter and contains less information than other sections. However, it is an excellent opportunity -and significant for beginners- to open a special section on ‘how to set up the test environment?’ at the beginning of the course. Because usually, people spend a lot of time properly configuring the appropriate test environment :)

Reversing APKS: This is the first chapter where you'll start getting your hands dirty and delve deeper into the Android universe. It contains information on how to reverse an APK file.

Device Rooting: This section explains the device rooting process, which will give you a significant advantage, especially in your real-life pentests. The only shortcoming of this chapter, in my opinion, was that it is too theoretical. It could have included more practical examples of how to root a device and more information on specific cases encountered while rooting the device.

Android Application Fundamentals: This section contains comprehensive information about the functions and software side of Android applications. If you have not developed an Android application before and encountered this information for the first time, this section may be confusing. You may also be confused about where to use this section in a penetration test. However, the primary purpose of this section is to give you a better understanding of the vulnerabilities you will learn by explaining the background operation of an Android application. Finally, in the final exam, you are expected to write an exploit APK that asks you to exploit various vulnerabilities. Therefore, you can be sure to use your knowledge in this section during the final exam.

Network Traffic: This section explains how mobile applications generate SSL traffic and how to carry out a successful man-in-the-middle attack by transferring this SSL traffic through a proxy.

Device and Data Security: This section describes how Android applications leave files on the device and how they are secured.

Tapjacking: This type of attack is almost the same as clickjacking. So, in this section, I can say that it describes the clickjacking attack on the mobile device.

Static Code Analysis: I think this is the most beautiful and most important part of the course. It is a section where you can improve your skills with a lot of theoretical and practical knowledge, and if you have just started, you can gain experience. In addition, this section will give you information about QARK, which is frequently used in tests.

Dynamic Code Analysis: Although not as great as Static Code Analysis, this chapter was also very instructive. This section, which is the last part of the Android, gives you comprehensive information about how to analyze an application while it is running on a device.

Labs - Android

A total of 21 APKs will be presented to you in a lab, where you can put the theoretical knowledge you have learned into practice. I want you to know that most of these labs are more straightforward than the cases you will encounter and are intended to reinforce the knowledge you have learned; therefore, I do not think you will have difficulties in these labs. However if there is a lab that you realize that you do not understand or experienced a problem, please work more on that subject. In general, I can say that the labs are sufficient and comprehensive. It is also good preparation for the exam.

The topics on the iOS side are almost the same. But if you are new to this field, the iOS side will challenge you. It is much more complex than Android with all its scopes (reverse, static, dynamic, etc.). It is more limited than Android in terms of lab and material in education. However, I can say that it is an advantage since such documents and resources about iOS penetration testing are very difficult to find on the internet.

Exam

You don't have to worry if you are already working on penetration testing and mobile app-device security. Probably the exam will only take one day. You are given seven days for the exam. You are expected to develop an APK that exploits the vulnerabilities in the APKs provided in line with the exam guidelines. No penetration test report is required. Just a working exploit apk and its source code. The best part of giving seven days for the exam is that you will not have to give money again due to pandemics, diseases, and systemic malfunctions caused by you. That's enough time for all setbacks. If you do not have experience in this field, definitely buy the training and focus on the labs. If you are an experienced penetration tester, it will be enough to look at the topics.

Conclusion

The part I liked the most in this process was the support part of clear security. They were swift and involved. Shortly after completing the exam and uploading the necessary files to the system, I was notified that I had completed the exam. Although you are told that your exam will be evaluated within 30 days, your result will probably be announced sooner. If you fail the exam, you will have one more free entry and an expert review. All this is written in the documents given to you. Please read them all carefully.

Note: The space you give for exam files is limited to 10MB. Therefore, a basic APK source code zip will cost more than that. For this reason, you can delete apks from the build folder while uploading files to the system. This will not affect your code and save you a large amount of space.

See you in the following reviews.

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture