I started thinking about Mobile pentesting sometime back. Finally in Feb/2024, I paid for the yearly subscription for INE and added eMAPT to my cart. If you dont know about eMAPT cert, then head over to eMAPT certification. And as per their home page

The Mobile Application Penetration Tester (eMAPT) certification is issued to cyber security experts that display advanced mobile application security knowledge through a scenario-based exam.

And on Apr/05/2024, I got My Certificate.

When I started in Feb, I did not know much about Android or iOS. I had watched some videos on Android pentest but thats about it. I had never really done anything practically. So, first thing first, I create a VM with all the tools I needed and I started with Ubuntu as base image.

Back in 2022, I had written some scripts to create such a script and this was a good oppurtunity to revisit the same. So, I started with Fedora Mobile Hacking Setup. But now I was doing it on Ubuntu so I had to make some changes but finally I had the setup ready.

Once my setup was ready, I started with the course material and it is good, quite good. It covers all the topics and seems to be covering the topic very well. So, I read the material, watched videos and practiced with the applications that they mentione. I dont have a iOS device so I skipped the lab part for that.

After all the hard work, time came for the exam. And me being me, I did not bother to read any documents available beforehand. Exam is 7 days long, so I started my exam and thus came my first surprise. I did not have to just find the issues and report them. I had to create a application that will exploit the issues in the applications provided in exam.

Wow, I have never create an android app before this. But time teaches you everything. I took about 2 days and created the android apps. Good thing is there is no iOS for exams and if it was there, I would have no possibility to attempt it :). So, finally I did some testing and submitted my app.

Wait for few days, I got the mail that I have failed. So, I went to my Exam page to check why and there was second surprise. I cannot see the comments of the examiner before I start my second attempt. So, I had to wait a few days before I could find some time for the exam and start the exam.

And finally I starte my second attempt, and thus could finallly read the comments of examiner. I was astonished to find that the application did not run for him. Not that I expected the world’s best application but I expected it to run, I had tested it. So, I ran the emulator again and tried and it did crash.

Any how, started my second attempt and finally after one days effort (code from first attempt helped me), I was able to complete the application which could exploit the provide application. This time, I ensured to test it multiple times (I had learned my lesson). I tested with multiple AVD’s and on the same AVD also multiple time after wiping the date. Submitted my app.

On the night of Apr 05,2024 just after midnight my time, I got the mail I was waiting for, I was a eMAPT certified now. I was developer long long back and that too used only C so working with Java and creating an Android app for the exam was an achievement that I was proud of.

So long for now.

Related Articles:

• 2022/04/23   Firefox addons for hacking
• 2018/11/26   Use Linux on your Android mobile/tablet (without root)
• 2011/06/08   N900 starts showing junk characters
• 2011/05/20   My new Maemo 5 Nokia N900 Mobile.