Hacktify Certified Mobile Pentester

About the Certification

"Hacktify Certified Mobile Pentester" is a comprehensive certification designed to equip you with the knowledge and hands-on skills needed to assess and secure both Android and iOS mobile applications. In today's dynamic digital landscape, mobile applications are integral, making it essential to ensure their security. This certification offers a structured approach to understanding mobile app security, covering everything from setting up your testing environment to performing static and dynamic analysis. With a focus on the OWASP Mobile Top 10 vulnerabilities, you'll learn how to identify, exploit, and mitigate security risks, making this certification valuable for security professionals, developers, or anyone interested in safeguarding mobile applications.

What will you learn?

In this certification, you will learn to master the art of mobile application security testing for both Android and iOS platforms. You'll gain proficiency in setting up test environments, performing static and dynamic analysis, and identifying vulnerabilities following the OWASP Mobile Top 10. With a focus on hands-on experience, you'll develop the skills to secure mobile applications and protect them from potential security threats, making you well-equipped to excel in the field of mobile app security.

Android Pentesting

  • Introduction
  • Setting up your environment
  • Getting started with Android
  • Android Basics
  • OWASP Mobile TOP 10
  • Static Analysis
  • Dynamic Analysis
  • Tips & Tricks
  • Automation
  • Conclusion

iOS Pentesting

  • Introduction
  • Setting up your environment
  • Getting started with iOS
  • iOS Basics
  • OWASP Mobile TOP 10
  • Static Analysis
  • Dynamic Analysis
  • Tips & Tricks
  • Automation
  • Conclusion

Android Pentesting

Module 01

Setting up your environment | 01 Hours

  • Setting up Mobexler
  • Emulators
  • Setting up Genymotion – Android Emulator
  • Setting up Android Studio Emulator
  • Setting up Bluestacks – Android Emulator
  • Rooting
  • Rooting an Android Device
  • Connecting BurpSuite with Android Device

Module 02

Getting started with Android | 02 Hours

  • Introduction to Android Applications
  • Android Architecture Stack
  • Android Components
  • Android File System
  • Android Data Storage Options
  • Transferring data between Devices
  • Extracting Applications – Part 1
  • Extracting Applications using APK Extractor
  • Decompiling Applications using dex2jar
  • Decompiling applications using JD-Gui

Module 03

Android Basics | 02 Hours

  • APK Contents
  • Dalvik
  • Smali
  • Webviews
  • Application Signing & Verification
  • xml file

Module 04

OWASP Mobile TOP 10 | 01 Hours

  • What is OWASP?
  • M1: Improper Platform Usage
  • M2: Insecure Data Storage
  • M3: Insecure Communication
  • M4: Insecure Authentication
  • M5: Insufficient Cryptography
  • M6: Insecure Authorization
  • M7: Client Code Quality
  • M8: Code Tampering
  • M9: Reverse Engineering
  • M10: Extraneous Functionality

Module 05

Static Analysis | 03 Hours

  • Installing MobSF
  • Installing Cloudsek BeVigil
  • Running Yaazhini
  • SharedPreferences Analysis
  • Pidcat + Logcat
  • Hardcoded Credentials
  • Drozer
  • Exploiting Applications using Drozer
  • Firebase Misconfigurations
  • Pasteboard
  • WebView Related Vulnerabilities

Module 06

Dynamic Analysis | 02 Hours

  • Frida
  • Objection
  • Frida-CodeShare
  • Installing Frida
  • What is Root Detection
  • Bypassing Root Detection using Frida
  • Bypassing SSL Pinning using Objection
  • Bypassing SSL Pinning by adding custom CA Certificate
  • Bypassing SSL Pinning by overwriting packaged CA Certificate with custom CA Certificate
  • Fingerprint/Face Detection Bypass
  • Intent Injection
  • Android Task Hijacking

Module 07

Progressive Web Application (PWA) Attacks | 02 Hours

  • Building Test Cases for PWA Applications

Module 08

Approach on Bug Bounty Programs | 02 Hours

Module 09

Tips & Tricks | 02 Hours

  • Android Pentesting Checklist
  • Android Pentesting Mindmap
  • Android Pentesting Nuclei Templates
  • iOS Pentesting Reports Private
  • Using Objection & Frida without Rooting the device
  • Android Frida Scripts
  • Android Hacking Reports
  • Android Bug Bounty Journey

Module 10

Capstone Project | 03 Hours

iOS Pentesting

Module 01

Setting up your environment | 01 Hours

  • Setting up Mobexler
  • Setting up MacOS on Windows Machine
  • Simulators
  • Emulators
  • Jailbreaking
  • Jailbreaking Types
  • How to Jailbreak
  • Connecting BurpSuite with iOS

Module 02

Getting started with iOS | 02 Hours

  • Introduction to iOS Applications
  • plist files
  • What is UDID
  • Accessing the device shell
  • On Device Shell App
  • Transferring data between Device and PC
  • Extracting and Decrypting IPAs using frida-ios-dump
  • Extracting and Decrypting IPAs using Filza
  • Extracting and Decrypting IPAs using iMazing
  • Installing Applications using 3uTools
  • Installing Applications by Sideloading

Module 03

iOS Basics | 02 Hours

  • Data Protection
  • Keychain
  • App Capabilities and Purpose Strings
  • App Extensions
  • Device Management

Module 04

OWASP Mobile TOP 10 | 01 Hours

  • What is OWASP?
  • M1: Improper Platform Usage
  • M2: Insecure Data Storage
  • M3: Insecure Communication
  • M4: Insecure Authentication
  • M5: Insufficient Cryptography
  • M6: Insecure Authorization
  • M7: Client Code Quality
  • M8: Code Tampering
  • M9: Reverse Engineering
  • M10: Extraneous Functionality

Module 05

Static Analysis | 03 Hours

  • Installing MobSF
  • FileSystem Analysis
  • App Logs Analysis
  • Hardcoded Credentials
  • SQLite Databases
  • Other Databases
  • Firebase Misconfigurations
  • iOS Keychain
  • iOS UIPasteboard
  • iOS WebViews
  • Application Patching
  • Sensitive information inside Applications Memory
  • Insecure APIs/Functions

Module 06

Dynamic Analysis | 02 Hours

  • What are tweaks
  • What is Substitute
  • What is Cydia/Sileo
  • How to install Tweaks
  • Installing Frida
  • What is Jailbreak Detection
  • Jailbreak Detection Bypass using Frida
  • Jailbreak Detection Bypass using Shadow
  • Jailbreak Detection Bypass using Liberty
  • Jailbreak Detection Bypass using A-Bypass
  • Jailbreak Detection Bypass using Objection
  • Other Utilities
  • What is SSL Pinning
  • SSL Pinning Bypass using Frida
  • SSL Pinning Bypass using SSL Kill Switch
  • SSL Pinning Bypass using Objection
  • Local Authentication Mechanisms Bypass

Module 07

Progressive Web Application Attacks | 02 Hours

  • Building Test Cases for PWA Applications

Module 08

Approach on Bug Bounty Programs | 02 Hours

Module 09

Tips & Tricks | 02 Hours

  • iOS Pentesting Checklist
  • iOS Pentesting Mindmap
  • iOS Pentesting Nuclei Templates Private
  • iOS Pentesting Reports Private
  • Using Objection and Frida without Jailbreaking the device
  • iOS Hacking Reports
  • iOS Frida Scripts

Module 10

Capstone Project | 03 Hours

Our Instructor

Meet Our Expert Instructor

Rohit Gautam

Hacktify Certified Instructor

Winner of Cyber Security Samurai of Year 2023, Director at Hacktify, Principal Security Consultant, Adjunct Prof. at Mandsaur University.

Shifa Cyclewala

Hacktify Certified Instructor

Winner of Top 20 Women Influencers Cyber Security in India 2022. Winner of Top Women Influencer Cyber Security in India 2023 by Bsides Bangalore.

Hacktify Team

Hacktify Certified Instructors

We are a team of passionate cybersecurity experts, hackers turned ethical defenders, and technology enthusiasts.

Blue Team Cyber Suraksha 2023 Indian Army 2021 (Sainya Ranakshetram) Hackathon by Karnataka Govt. 2020 CIT Hackathon 2022 Noob Army Vulncon 2020 Southern California Tech Summit 2021

24/7 Support

BENEFITS OF HACKTIFY CERTIFIED MOBILE PENTESTER

Comprehensive Android Environment Setup: This course provides hands-on training for setting up your Android environment, including emulators, rooting, and connecting with tools like BurpSuite. Students can start their mobile penetration testing journey with a well-configured environment.

In-Depth Knowledge of Android and iOS Basics: Deep understanding of both Android and iOS platforms, covering Android architecture, components, file systems, data storage options, and data transfer between devices for Android, and similarly for iOS. This comprehensive knowledge is essential for effective mobile pentesting on both Android and iOS platforms.

Familiarity with OWASP Mobile Top 10: The course covers the OWASP Mobile Top 10 vulnerabilities, enabling students to identify and mitigate common security issues in mobile applications, such as improper authentication, insecure data storage, and insecure communication.

Static and Dynamic Analysis Skills: Students acquire skills in both static and dynamic analysis, using tools like MobSF, Pidcat, Drozer, Frida, and Objection. These tools help identify vulnerabilities, hardcoded credentials, and issues related to SSL pinning and authentication.

Progressive Web Application (PWA) Testing: The course covers progressive web application attacks and teaches students how to build test cases for PWA applications, expanding their knowledge to include both native and web-based mobile app security.

Capstone Project and Practical Application: With a capstone project, students have the opportunity to apply their knowledge in a real-world scenario, putting their Android pentesting skills to the test. This practical experience helps students develop a deeper understanding of the subject matter.