eLearnSecurity Mobile PenTest Course (MASPT)

NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
Just finished taking the 7-day challenge exam for the eLearn Security Mobile Application Security and Penetration Testing Course (https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/). Overall, I was extremely happy with this course. Here are an overview of my thoughts (both positive and negative) for both the course and exam:


Some of the course is a bit out-dated
-
  • Targets iOS 6 (currently on iOS 8.1) and Android 4.1.2 Jellybean (currently on Android 5.0.1 Lollipop).
    • I personally don't see this as a huge concern, as this seems to be pretty common in the industry. It's pretty typical to take traditional PenTest courses that start you off attacking Windows XP with MS08-067. Along the same lines, this seems to be an effective way to introduce the fundamentals with some additional attack surface for practicing.
  • The Android test environment setup uses Eclipse IDE and Android SDK. These solutions are deprecated and have since been replaced with Android Studio. Android Studio is very similar in functionality, but has a completely different GUI. So you are definitely going to have to figure some things out when getting started. Knowing the old setup is sufficient to do some searches and figure out what you need to do. Also, feedback from the admins in the forums indicates that the course should be updated soon. But as the course currently stands, its a bit frustrating.

Course content was fantastic
-
  • Overall, once you get past the test environment setup, the course is REALLY good. The test apps are a lot of fun, and the content is well presented.
  • The course was definitely more focused on Android than iOS (which was a plus for me, since I was already pretty comfortable with iOS testing, and not so much with Android...but this may be a negative for some).

The Challenge Exam
-
  • Similar to the course, the exam is only on the Android side (no iOS component). Once again, this was fine by me.
  • Just like the eWPT exam, this one was VERY well engineered to be highly challenging and to require you to be able to string together multiple exploits to successfully complete the challenge.
  • The concept of the exam was awesome. Rather than the traditional "do a pentest and deliver a report" routine that I've encountered with both OSCP and eWPT, this was much more creative. Rather than doing a report, you actually have to write your own malicious Android app. You are provided two related target applications, and you have to write your own app that will exploit multiple flaws on each of those to extract sensitive data. The malicious app (source code and installation package) is your only deliverable.
  • You have to be proficient at both run-time exploits, reverse-engineering and writing your own Android app to be able to pass the exam.
  • Although it was challenging, 7 days is definitely more than enough for the exam. I managed to complete it in 3 days, with a total of probably about 18 hours of testing.
Overall, I'm very happy with the course and feel like I got a lot out of it.

Comments

  • JoJoCal19JoJoCal19 California Kid Posts: 2,750Mod Mod
    Congrats and thanks for the review! I know eLearnSecurity doesn't get the recognition that OffSec does but I am impressed by their material. It's very in-depth and explains things really well.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, Pentesting
    Next Up:​ eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python)
  • impelseimpelse Posts: 1,227Member ■■■■□□□□□□
    Congrats
    Blog: learn-security.net

    Computer Support Houston Area: thehost1.com
  • john13619john13619 Posts: 10Member ■□□□□□□□□□
    Congrats and very good review.


    Can you do the same for eWPT ? Does it really worth to take it or it's better eWPTX ?
  • NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
    JoJoCal19 wrote: »
    Congrats and thanks for the review! I know eLearnSecurity doesn't get the recognition that OffSec does but I am impressed by their material. It's very in-depth and explains things really well.

    As someone who has done training from both OffSec and eLearnSec, I have a great deal of respect for both organizations. And I think they supplement each other well. I think that OffSec's OSCP is still the defacto standard for general PenTesting (then again, I've never taken eLearn's general PenTest courses). But I think that eLearnSec definitely has the AppSec market more cornered.

    Nonetheless, both are very hands-on in terms of both training and testing. In my opinion, still the two best training organizations out there. And I can't say that I prefer either more than the other.

    SecurityTube/PenTest Academy probably comes in as a close third. I don't consider the material quite as well presented, but for the price...its high quality.
  • NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
    john13619 wrote: »
    Can you do the same for eWPT ? Does it really worth to take it or it's better eWPTX ?

    I actually did make several posts back when I did eWPT:

    http://www.techexams.net/forums/security-certifications/98588-elearn-security-vs-offensive-security.html

    http://www.techexams.net/forums/security-certifications/97319-pwning-justin-bieber-d.html

    Hope those help.
  • fuz1onfuz1on Posts: 961Member
    Congrats!
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • unkn0wnsh3llunkn0wnsh3ll Posts: 68Member ■■□□□□□□□□
    Congrats mate :), I had registered this a year back and couldnt study due to work and travel. This is next in line for me after finishing OSCP.
    Cheers
Sign In or Register to comment.