eLearnSecurity MASPT

the_Grinch Member Posts: 4,165
I purchased the course over a year ago and am finally going to start it. Going to focus on Android, as that is what I deal with mainly at work and also that's what the certification is based on. Programming-wise I've been working on Java and figure, for the most part, I can fumble my way through. I'll be posting my progress here and it will be the first at-home certification I've studied for in some time!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • Khohezion Member Posts: 57
    Good luck man! Keep us in the loop.

    I was thinking about doing this one too but I was too tempted with the others...
  • the_Grinch Member Posts: 4,165
    Welp, did the first two sections and overall I am happy with the content. I know a lot of people pointed out that all the information for the course could be gathered via Google and that is certainly true. This point is driven home by the fact that throughout all the presentations they provide outside links that can be used for further research. That being said, it is nice to get everything in one spot and be guided on the basics then told where to go for a deeper dive. Like any training course, you can always do your own research and learn it on your own, but that is time consuming and sometimes you just don't know where you should begin.

    I have two cons to point out based on the limited content I have completed thus far. First, the teacher is very monotone. Go on Udemy and you will find any number of instructors who can at least sound excited about what they are teaching. Clearly he knows his stuff and his tone doesn't put you to sleep, but a little excitement would be nice. Second, I would have liked to see a little more of the instructor going through the material. Yes I can read the slides myself, but typically an instructor will add some anecdotes to what is being covered. It seems most of the videos come at the end and he does certainly cover what was on the slides. For my learning style, visuals with audio tend to drive topics home for me.

    So far so good! Labs don't start till section four so it's nice to just go through and listen/watch for a bit.
  • unkn0wnsh3ll Member Posts: 68
    Hi the_grinch,

    Just wondering, I bought the same course, but it was version 1 a couple of years ago and now they have the latest as v2. Not sure of the difference between v1 and v2. Are you doing V2 MASPT?

    I did complete a few modules when I bought it two years back. But then I moved to finish OSCP first and take up this course later, but they have launched V2 and the upgrade costs $400. Just thinking on that angle.....

    Cheers
  • the_Grinch Member Posts: 4,165
    I did get version 2 as they announced it and offered an initial discount.
  • the_Grinch Member Posts: 4,165
    Ok, so today I completed section 3 and most of 4. This is definitely some of the most interesting training I have been through. I worked for almost three hours and by the end all I could think was "wow someone actually figured all of this out". Section 4 was the first one to have labs and it covers reversing an apk. They definitely take you step by step, for the most part, and the first lab was pretty easy. It was just meant to get you looking at everything and doing the basic steps. The second lab is where you do a little work, but this is where I have an issue.

    They give you all the source code for the app (which by the nature of the section defeats the purpose of what you are trying to do). As I read through the lab they point out where to go, within the source files, to get the apk. Personally, I felt this should have been covered in the beginning or they should have just given you the apk. So here I am looking at the source code, guessing at what the app does (simple when you have the code) and finding the information that they were looking for. Further down they say "go here for the apk" and then I have the Homer Simpson moment. So I get the apk and do everything I learned to start looking at the source from there.

    The only other issue I have is that I don't recall them discussing installing the app onto a device via adb. Here I am running an adb command and it's saying no emulator. Do a quick Google search and find out I'm supposed to plug a phone in. No biggie, but maybe knowing upfront would have been better.

    As I stated, definitely one of the most interesting courses I have taken and it does require you doing some research to get through it.

    Key Takeaways:

    1. All the tools appear to be able to be run on any OS
    2. If using Linux, you'll get some permission issues that you need to take care of
    3. You should definitely have cursory knowledge of Java and Android programming - you will need to follow how the program functions and in my case, not realizing I needed to install the app, having that cursory knowledge allowed me to visualize how the app worked just from the code I could see - plus once you install the app you can test to see if what you found is right

    Loving it so far!
  • ottucsak Member Posts: 146
    The course is really up-to-date and has a lot of information, but I also recommend checking out the Android for Pentesters course from Pentester Academy. It seems to be discontinued, but some videos are available on YouTube. Also, don't worry about the exam, it is possible to find the killchain in 1-2 hours and you can write the exploit app in 2-4 hours without any Android coding experience. Have fun!
  • the_Grinch Member Posts: 4,165
    Awesome! Thanks for the info!!
  • the_Grinch Member Posts: 4,165
    Haven't been slacking. I haven't continued with section four due to work, but I have been reading Android Hacker's Handbook. Should be picking up with section four this week.
  • the_Grinch Member Posts: 4,165
    Today I completed another lab in part 4. I was a bit teed off, but realized that was largely because I should have cleaned out the directory I was working in. I got through about 85% of the lab, but had to peek at the answer to fully get it. Now that I know what other steps may be required I'll keep a lookout in the future.
  • the_Grinch Member Posts: 4,165
    Completed sections 4, 5 and 6 today. Last night I did some reversing on a regular app and found some interesting stuff. Definitely going to finish everything up, along with reviewing Java and then attacking the Goat app before submitting for the test.
  • JoJoCal19 Mod Posts: 2,835
    Good work Grinch. I’ve been following your thread even though I haven’t been posting. Since you did some reversing on a regular app, I take it the course prepares you well enough that when you’re done you can go and apply it anywhere.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • the_Grinch Member Posts: 4,165
    It certainly does! What was interesting was I reversed the app and saw something very weird in one part of it. Lo and behold, after completing section 4, I realized that it had been obfuscated. What I found most interesting about it is that the piece that was obfuscated was from another company and the main pieces of the app were not obfuscated at all. Of course the piece that was obfuscated is the piece I was most concerned with exploiting, but hey, can't always be easy, right?

    So far I will say there is a decent balance of the teacher providing you information and there being a requirement that you do some things on your own. You're not spoon-fed, but at the same time they walk you through pretty well. My only other critique is that there should be more labs. I prefer doing a section and there being some sort of lab, but that isn't the case with the course. Obviously, you can lab on your own, but nice to have some guidance. Last piece, I do think you should know some Java (and they do state this in the pre-reqs). You could squeak by, but I'd really recommend that you brush up on it. I'm doing this as I'm going through the course and it seems to be alright.
  • the_Grinch Member Posts: 4,165
    Completed sections 8 and 9 today at lunch. I do need to do the labs, but they didn't seem too difficult. 2 more sections to go and in theory I could take the exam.
  • Skyyyyy2001 Member Posts: 57
    Looking forward to hearing from you on the outcome of the exam. Good luck :)
  • unkn0wnsh3ll Member Posts: 68
    Hello Grinch,

    Any update about your MASPT? Hope you have taken your exam and passed with flying colours.

    Let us know your review and feedback..... Looking forward,

    I'm about to start MASPT, will write an update soon.

    Ciao
  • alvinoo Member Posts: 12
    Hi there,

    I am just starting into this course. Can I check if this exam is currently v2.5 or v2?
    Currently I have completed the first part of the lab.
    1) Reversing - I got to learn about reversing an apk and got to derive from the AndroidManifest.xml how to identify the Java files being used in the manifest. From the apktools, get the seedvalue and find out the password of the application.

    Stay tuned :)
    2) While the 2nd part of the lab mentions capturing network traffic and decompiling the application to identify the cert validation vulnerability.