Hi!
In a world dominated by mobile apps, the importance of securing them cannot be overstated. My journey into mobile application pentesting began with a realization of the vulnerabilities these apps may harbor. Seeking a comprehensive course, I stumbled upon the TCM Security Mobile Application Penetration Testing course, and little did I know it would redefine my approach to app security.
Who should take this course?
The TCM Security Mobile Application Penetration Testing course is designed for individuals who aspire to specialize in mobile application security and penetration testing. Or just folks like me, who love tech stuff!
It’s important to note that while the TCM Security Mobile Application Penetration Testing course is designed to accommodate various skill levels, a basic understanding of general cybersecurity concepts and practices would be beneficial for participants.
The course comprehensively addresses both Android and iOS platforms. For the hands-on exercises involving iOS, it’s recommended to have access to a Mac computer and an ‘older’ iPhone. Personally, I didn’t engage in the hands-on activities for iOS since I don’t own a Mac or an iPhone. Nevertheless, watching the instructional videos can still be valuable and provide insights into the iOS aspects of the course.
Why?
In summary, attending the TCM Security Mobile Application Pentester course is a strategic investment for individuals seeking to deepen their expertise in mobile application security, advance their careers, and stay at the forefront of cybersecurity practices. The practical skills, expert instruction, and networking opportunities make this course a valuable asset for cybersecurity professionals and enthusiasts alike.
What is in the course?
Specialized Mobile Application Focus: The course is specifically tailored to address the unique challenges and vulnerabilities associated with mobile applications. Participants gain in-depth insights into mobile security, ensuring they are well-equipped to handle the intricacies of securing mobile platforms.
Practical, Hands-On Learning: Participants engage in real-world scenarios and practical exercises, allowing them to apply theoretical concepts in a simulated environment. This practical approach ensures that the skills learned are directly applicable in professional settings.
Expert Instruction from TCM Security: TCM Security is recognized for its expertise in cybersecurity training. By attending this course, participants benefit from the knowledge and experience of industry experts who have practical experience in mobile application security and penetration testing.
Comprehensive Curriculum: The course covers a wide range of topics, from foundational concepts to advanced techniques in mobile application security. Participants can expect to gain a holistic understanding of the subject, ensuring they are well-prepared to tackle various security challenges in mobile environments.
Stay Updated on Industry Trends: Mobile security is a rapidly evolving field, with new threats and vulnerabilities emerging regularly. Attending this course allows participants to stay updated on the latest industry trends, ensuring they are well-informed and capable of addressing current and future security issues.
Boost Career Opportunities: Acquiring specialized skills in mobile application security enhances one’s marketability in the cybersecurity domain. Employers increasingly value professionals with expertise in securing mobile platforms, and completing this course can open up new career opportunities or advancement in one’s current role.
Networking Opportunities: Joining the TCM community through this course provides networking opportunities with like-minded professionals, instructors, and industry experts. Networking is invaluable for staying connected with the cybersecurity community, sharing knowledge, and potentially opening doors to collaborations or job opportunities.
Gain Practical Tools and Techniques: Participants learn practical tools and techniques used in mobile application penetration testing. Whether it’s understanding common vulnerabilities, performing dynamic analysis, or using specific tools for mobile security assessments, attendees acquire tangible skills that can be applied immediately in their professional roles.
Build Confidence in Mobile Security Assessments: The hands-on nature of the course helps participants build confidence in their ability to conduct mobile security assessments. From identifying vulnerabilities to recommending mitigations, attendees gain the practical experience needed to excel in real-world scenarios.
Access to Resources and Support: Participants often gain access to a range of resources, including course materials, tools, and ongoing support from the TCM Security community. This ensures that the learning experience extends beyond the course duration, providing a valuable resource for continuous professional development.
The Agenda
Introduction and Course Resources
- Course Introduction (7:25)
- Course Resources (6:52)
- Mobile Pentesting Certification Landscape (4:37)
- Device Requirements (4:10)
- Course Discord (2:04)
Penetration Testing Process
Android Intro and Security Architecture
Android Lab Setup
- Windows – JADX-GUI (1:49)
- Windows – adb Install (2:53)
- Windows – apktool install (4:09)
- Windows – Android Studio Install (1:55)
- Kali Linux – PimpMyKali (Easy Mode) (3:59)
- Kali Linux – adb Install (0:20)
- Kali Linux – apktool Install (1:12)
- Kali Linux – JADX-GUI Install (2:34)
- Kali Linux – Android Studio Install (4:22)
- Mac – Brew (1:16)
- Mac – JADX-GUI (0:45)
- Mac – apktool (0:47)
- Mac – Android Studio (6:03)
- Emulator Setup & Recommendations (All Platforms) (10:38)
- Accessing ADB Shell from a VM/Networked Device (4:39)
- Additional Emulator Options Android (Optional) (2:33)
- Physical Device Setup (Optional) (4:50)
- Common Issue: No Extended Controls (1:45)
Android Static Analysis
- Pulling an APK From the Google Play Store (5:36)
- Intro to Injured Android (3:14)
- Android Manifest.xml (9:26)
- Manual Static Analysis (9:50)
- How to Find Hardcoded Strings (11:53)
- Injured Android Static Analysis (Flags 1-4) (11:59)
- Enumerating AWS Storage Buckets via Static Analysis (9:05)
- Enumerating Firebase Databases via Static Analysis (7:25)
- Automated Analysis using MobSF (20:53)
Android Dynamic Analysis
- Intro to SSL Pinning/Dynamic Analysis (9:13)
- Dynamic Analysis using MobSF (16:07)
- Burp Suite Install and Overview (7:39)
- Burp Suite Setup/Intercept (8:08)
- Proxyman Install & Usage (12:41)
- Patching Applications Automatically using Objection (7:47)
- Patching Applications Manually (16:05)
- Dynamic Analysis – Final Notes and Vectors (6:10)
- The Frida Codeshare (2:32)
- Using Frida Codeshare & Startup Scripts (2:51)
- Common Issue: Can’t Decode Resources (1:24)
Android Bug Bounty Hunt
BONUS – Android Red Teaming
- In-Line Attacks (4:16)
- Creating a Generic APK with Metasploit Shell (7:33)
- Injecting Play Store App with Metasploit Shell (10:39)
- The Ghost Framework (5:07)
iOS Introduction and Architecture
iOS Lab Setup
- xCode Setup/Install (3:19)
- Using xCode (7:23)
- Developer License Setup (3:53)
- AnyTrans (Pull IPA from App Store) (4:59)
- IPATool (Pull IPA from App Store – Updated) (5:48)
- Additional Emulator Options iOS (Optional) (2:35)
iOS Static Analysis
iOS Dynamic Analysis/Jailbreaking
- Burp Suite Setup & Usage (4:56)
- Proxyman – iOS (6:24)
- SSL Pinning iOS (1:55)
- Using Objection for iOS (9:35)
- Jailbreaking (8:08)
- Burp Mobile Assistant (Optional) (5:44)
- SSL Killswitch (9:22)
- Jailbreaking iOS 15.x-16.x (8:26)
- SSL Killswitch iOS 15.x-16.x (3:06)
- Traffic Interception iOS 15.x-16.x (3:06)
iOS Bug Bounty Hunt
Contact
LinkedIn – https://www.linkedin.com/in/wilson-security/
YouTube – https://www.youtube.com/c/WilsonSecurityGroup/featured
That was all for now!
Keep Hacking!
//Roger