TL;DR: if you know how to reverse engineer APKs, know how to create your own Android apps, and know how device security works, you are probably good for the examination.

Course

Note: I only completed the Android part of the course material. For a detailed overview of the different subjects covered by the course, please refer to the syllabus linked below.

The Android part of this course goes through everything from the low-level system design of Android devices to how applications run on the OS. It then examines some of the common errors made during application creation that might lead to security flaws, and goes on to how to recognise and exploit these flaws.

One of the big missing pieces of the course is an introduction to how to create apps, more specifically malicious apps. It should be clearly stated that knowledge of programming languages like Java or C# is more or less a necessary prerequisite for the examination, where you are asked to create a malicious app to take advantage of vulnerabilities discovered earlier!

Other than that, the course will introduce you to many of the tools of the trade when it comes to mobile app penetration testing, most notably:

  • Android Studio
  • dex to jar
  • baksmali
  • apktool
  • adb
  • jd-gui

Again, knowledge of object-oriented programming and the ability to hack together an Android application (it does not need to be pretty) is essential to passing the examination!

The Exam

The examination is pretty straightforward, but requires some out-of-the-box thinking! For a third time: don’t begin the exam if you don’t think you will be able to program a malicious app to take advantage of security flaws in other applications! The exam is a whole lot of fun and more than doable in the time allotted, so there is no need to panic. You get an assignment of penetration testing some Android applications and exploiting the flaws found. As always, there will be nothing here that you have not already encountered in the course; the only thing you need is a bit of creativity. If you feel stuck during the exam, or like you are hitting your head against a wall, remember to take some time away from the computer, take a walk and just get away. You can do it!

Resources

  • https://dsxte2q2nyjxs.cloudfront.net/Syllabus_MASPTv2.pdf