بسم الله الرحمن الرحيم
Introduction
Hey, folks with you volk in this review I will talk about eMAPTv2 course and Exam.
I am going to talk about Tips for studying and Tips for passing the exam and
the prerequisite for the Course and exam.
The difficulty of this course and exam is intermediate,
Its difficulty is not so easy and not hard it’s between easy and medium (FOR ME).
Overview
The eLearnSecurity Mobile Application Penetration Testing (eMAPTv2) certification
is a comprehensive and practical certification that focuses on mobile pentesting.
It is designed for individuals who possess advanced knowledge of mobile application security.
To successfully pass the eMAPTv2 certification exam, you need to
demonstrate expertise in various areas, including android java development,
reverse engineering Android applications, exploiting Android vulnerabilities, identifying logic flaws,
exploiting Android development environments, understanding encryption and cryptography,
and identifying vulnerable implementations.
The certification exam fee is $400, which grants you two attempts at the
exam. In case of failure on the first attempt,
You receive feedback on your submitted APK and source code.
You have 7 days to submit Your code.
Alternatively, individuals can also choose to enroll in the
MASPT v2 course, which is part of the Mobile Application Penetration Testing
Professional learning path. This course can be accessed by
purchasing a paid subscription from INE’s website at https://ine.com/pricing.
Course & Exam Preparation
The Course is divided into two parts (Android & IOS)
I am not going to discuss IOS in this review cause its not included in the exam .
The part of android in the course includes this module:
1- Android Architectures
By studying Android Architecture, learners explore the various layers of the Android system,
including the application layer, framework layer, and Linux kernel layer.
Through this exploration, students develop a comprehensive understanding of how these layers
interact and contribute to the overall functionality of the Android platform.
Understanding Android Architectures is essential for aspiring mobile application penetration testers,
as it provides insights into the underlying structure of Android applications.
Students learn how different components within the architecture interact,
which is crucial for identifying potential security vulnerabilities.
By acquiring knowledge in Android Architectures,
students lay a solid foundation for the rest of the eMAPTv2 course.
This knowledge empowers them to effectively analyze and assess the security of Android applications,
preparing them for the challenges they will encounter during the certification exam.
2- Setting up a Testing Environment
in eMAPTv2 students learn how to create a suitable environment for conducting effective
penetration testing on mobile applications.
This module focuses on the practical aspects of
setting up a testing environment specific to mobile application security testing.
It covers the necessary tools, platforms, and configurations required
to create a controlled and secure environment for conducting tests.
By following the guidance provided in this module,
students will learn how to set up
emulators, virtual machines, or physical devices for testing mobile applications.
3- Android Build Process
The “Android Build Process” module provides insights into the process of
building Android applications. Students learn about compiling source code, resource management,
packaging, and signing applications. They gain an understanding of the tools, configurations, and
dependencies involved in the build process.
This knowledge is crucial for identifying security vulnerabilities and misconfigurations during the
development and build phases of Android applications.
4- Reversing APKs
In the “Reversing APKs” module, students learn the art of reverse engineering Android applications.
They explore techniques and tools used to decompile APK files,
analyze the application’s code and resources, and understand its inner workings.
This module equips students with the skills to uncover hidden functionalities,
identify security vulnerabilities, and modify the behavior of Android applications.
5- Device Rooting
The “Device Rooting” module focuses on the process of gaining root access on Android devices.
Students learn about the benefits and risks associated with rooting, the methods
to root different Android devices,
and the implications for security testing.
This module enables students to understand the challenges and opportunities presented by
rooted devices during mobile application penetration testing.
6- Android Application Fundamentals
The “Android Application Fundamentals” module covers the foundational concepts of Android applications.
Students gain a deep understanding of components such as activities,
services, content providers, and broadcast receivers.
They learn how these components interact and communicate within the Android application framework.
This module provides the necessary knowledge to analyze
the structure and behavior of Android applications during penetration testing.
7- Network Traffic
In the “Network Traffic” module, students explore techniques for capturing, analyzing,
and manipulating network traffic generated by Android applications.
They learn about intercepting and inspecting network requests, analyzing communication protocols,
and identifying potential security vulnerabilities related to network interactions.
This module equips students with the skills to assess the security of network communications
in mobile applications.
8- Device and Data Security
The “Device and Data Security” module focuses on understanding the security
mechanisms and best practices for protecting Android devices and user data.
Students learn about securing device settings, implementing encryption,
managing app permissions, and mitigating common security risks.
This module enables students to evaluate the security posture of Android devices
and recommend measures for enhancing their security.
9- Tapjacking
The “Tapjacking” module covers the concept of tapjacking, a technique that involves overlaying
malicious elements on top of legitimate user interfaces to deceive users into unintended actions.
Students learn how to identify and exploit tapjacking vulnerabilities in Android applications,
and they explore defensive measures to protect against such attacks.
This module provides insights into the risks associated with tapjacking
and equips students with mitigation strategies.
10- Static Code Analysis
The “Static Code Analysis” module focuses on using static analysis techniques
to identify security vulnerabilities in Android applications.
Students learn about tools and methodologies for analyzing source code,
detecting common coding flaws, and evaluating the overall security posture
of Android applications.
This module enables students to perform comprehensive security assessments
through static code analysis.
11- Dynamic Code Analysis
In the “Dynamic Code Analysis” module, students delve into dynamic analysis techniques for
assessing the security of Android applications.
They explore tools and methodologies for instrumenting applications, capturing runtime behavior,
and identifying vulnerabilities and malicious behaviors. This module equips students with
the skills to analyze application behavior in real-time and uncover security issues that
may not be apparent in static analysis.
Exam Process
- The eMAPTv2 Exam duration is 7 days
- The eMAPTv2 Exam focuses only on Android as it provides you with two applications
- You are given 2 vulnerable applications and you need to identify
the vulnerabilities of the 2 applications (This will not take you a lot of time,
maybe less than 1 hour or 2 hours) but developing the application will take you more time
some penetration testers developed the application in
4 days some of them developed it in 3,2 and 1 day,
I developed the malicious application in less than 12 hours
but I decided to send the application after reviewing
the application on more than one Android emulator and I reviewed
the requirements of the letter of engagement more than one time and
I took my time to see how to generate the app and,etc…
and I submit my exam on the third day
- To pass the Exam you have to submit the .apk file and the source code
of your malicious application (exploit app) as you are not required to submit a report.
- In your application, you have to exploit the vulnerability which is on the shared vulnerable application.
(More Info will be provided in the Letter of Engagement file which is provided within the exam files)
Exam Tips
- Learn the Basics of JAVA and android development (If you don’t know even the basics of java
and android development, You will have a hard time inside the exam)
I recommend for you this course from freeCodeCamp.org
- Study the Material of the Course well and actually this is will help you a lot to pass the exam
BUT you have to know how to develop applications,
try to develop applications that exploit the labs provided in the course
and you have to know the basics of encryption and decryption
- Take a look at this GitHub repository this will help you a lot in the exam
- Have a good understanding of Analyzing Android Manifest,reverse engineering the application
and reading the code
- Your application project don’t have to be compiled with SDK version 24 as long as
your application works on Android API 24.
Thank God
Thank to My father for supporting me
Thank to My mother for supporting me
Thanks to My Family for supporting me
