As mobile apps are a very common scope between the projects I currently take, I realized it would be a good idea to get certified on the topic. eMAPT is the only mobile certification besides the GIAC Mobile Device Security Analyst (GMOB), which is a multiple choice theoretical exam. So far I’ve only taken practical exams, as I think that memorizing stuff and braindump it answering questions won’t help you much.
Background and Preparation
As stated, I already work with mobile apps on an almost daily basis, so nothing in the training material was really new to me. However, I didn’t had coding experience with Java, so naturally I struggled a bit trying to figure out how to do certain things to reach the exam objectives which are very specific.
One thing I really disliked was that the INE platform does not provide any APKs for you to practice in a lab fashion, and I did see people talking about having this on eLearn. That’s essentially why I didn’t practice Java before the exam, because there wasn’t anything to practice with.
My preparation consisted of going through some of the materials and reading some reviews.
Exam Experience
As always, I’m not going to reveal specific information or details about the exam itself, keeping things as high level as possible.
The exam only covers the Android platform, probably for the sake of accessibility as iPhones and iOS emulators are way more expensive. As always they will provide you with a letter of engagement with all the details, exam objectives and such.
My exam consisted of 2 different apps, I prefer not to describe the exam objectives as it may reveal too much, but it was really cool to spend hours writing the app and exploiting all the stuff with Java. The exam objectives are very clear and they also place some requirements on things you cannot do, this is probably done to increase the exam difficulty.
I started my exam and found the vulnerabilities very quickly on the first day, then immediately moved into developing my PoC app which was done by night. On the second day I just revised everything, tested the app again against multiple emulators with different Android versions to make sure everything was working as expected and submitted the APK + source code.
0 Comments