search
Page cover

eMAPT - Mobile Application Penetration Tester

The Mobile Application Penetration Tester (eMAPT) certification is issued to cyber security experts that display advanced mobile application security knowledge through a scenario-based exam.

See my credential here:

Accredible β€’ Certificates, Badges and BlockchainAccredible β€’ Recipient Portalchevron-right

hashtag
The certification:

eMAPT is a certification for individuals with a complex understanding of mobile application vulnerabilities and exploits.

LogoeMAPT Certification | INE SecurityINEchevron-right

hashtag
Expiration:

Not expire.

hashtag
Evaluation Type:

7 days, submit an exploit APK that exploit others apps vulnerabilities.

hashtag
What It covers:

  1. Mobile Application Vulnerability Assessment: Techniques for identifying and exploiting vulnerabilities in mobile Android applications.

  2. Reverse Engineering and Code Analysis: Methods for decompiling and analyzing mobile app code to uncover security flaws and weaknesses.

  3. Advanced Mobile Threats and Mitigation: Strategies for understanding, mitigating, and defending against advanced mobile threats, including malware, insecure data storage, and data leakage.

hashtag
The exam:

(14 - 17 May 2024)

Like always, i was working and doing certification at the same time. I was doing it in post-labor hours. I got problems running directly with Android Studio, so i got Genymotion running and things started ran smoothly. I got my lab like this: Genymotion to emulate Android OS and apps, and then Android Studio to develop the app to submit. You can connect the two via ADB. Get careful over computer resources, mine were always stopping responding, since its heavy tasks (big potato of pc i have)... and do not burn your house down with Android studio pls...

Its started a bit rough at first, but when then i got things going. You get some Android applications, you decompile it and then start looking at the code. The first vuln should be easy, at sight. You have to get that info and find a way to get it. Straightforward if you think and dominate other fields, like web apps.

After that, you can feel a bit stuck. Rethink what you did, and think deeply - "What can i do more with what i have?". Remember, it does not get out of that concepts. You just have to think "outside" the box. ;)

In the end, I submitted the app and 2 weeks later i received positive feedback - I passed the exam and earned the certification! 😁😎

hashtag
The study materials:

hashtag
Review - should you buy it ?

For the price, I think it's not fair. It is 400$, so much for the small amount of topics they cover on the exam. And you don't even need to do dynamic analysis to pass the exam. It's very focused on one particular Android exploit and... that's not the case in real life... No SSL pinnings, and no advanced techniques either. It's a course that lacks a lot, and that should be revamped. Also, it only has Android, it has nothing with IOS, so you can skip that part of the preparation.

Is it a good for starting? Yeah... For the price? No. Can it be better? For sure.

Also, it does not get updated in a long time :(

Hope you like it, DM me or reference this if it has helped you!

PreviouseWPTv2 - Web Application Penetration TesterNextSC-900 Microsoft Certification

Last updated