11 KiB

Raw Blame History

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.

eLearnSecurity Mobile Application Penetration Tester (eMAPT) and the respective INE courses

Course: Android & Mobile App Pentesting

This is the course to prepare for the eMAPT certificate exam. It will teach you the basics of Android as OS, how the applications works, the most sensitive components of the Android applications, and how to configure and use the main tools to test the applications. The goal is to prepare you to be able to pentest Android applications in the real life.

I found the course to be a great one for people that don't have any experience pentesting Android applications. However, if you are someone with experience in the topic and you have access to the course I also recommend you to take a look to it. That was my case when I did this course and even having a few years of experience pentesting Android applications this course taught me some Android basics I didn't know and some new tricks.

Finally, note two more things about this course: It has great labs to practice what you learn, however, it doesn't explain every possible vulnerability you can find in an Android application. Anyway, that's not an issue as it teach you the basics to be able to understand other Android vulnerabilities.
Besides, once you have completed the course (or before) you can go to the Hacktricks Android Applications pentesting section and learn more tricks.

Course: iOS & Mobile App Pentesting

When I performed this course I didn't have much experience with iOS applications, and I found this course to be a great resource to get me started quickly in the topic, so if you have the chance to perform the course don't miss the opportunity. As the previous course, this course will teach you the basics of iOS, how the iOS applications works, the most sensitive components of the applications, and how to configure and use the main tools to test the applications.
However, there is a very important difference with the Android course, if you want to follow the labs, I would recommend you to get a jailbroken iOS or pay for some good iOS emulator.

As in the previous course, this course has some very useful labs to practice what you learn, but it doesn't explain every possible vulnerability of iOS applications. However, that's not an issue as it teach you the basics to be able to understand other iOS vulnerabilities.
Besides, once you have completed the course (or before) you can go to the Hacktricks iOS Applications pentesting section and learn more tricks.

eMAPT

The eLearnSecurity Mobile Application Penetration Tester (eMAPT) certification is issued to cyber security experts that display advanced mobile application security knowledge through a scenario-based exam.

The goal of this certificate is to show that you are capable of performing common mobile applications pentests.

During the exam you are given 2 vulnerable Android applications and you need to create an Android application that exploits the vulnerabilities automatically. In order to pass the exam, you need to send the exploit application (the apk and the code) and it must exploit the other apps vulnerabilities.

Having done the INE course about Android applications pentesting is more than enough to find the vulnerabilities of the applications. What I found to be more "complicated" of the exam was to write an Android application that exploits vulnerabilities. However, having some experience as Java developer and looking for tutorials on the Internet about what I wanted to do I was able to complete the exam in just some hours. They give you 7 days to complete the exam, so if you find the vulnerabilities you will have plenty of time to develop the exploit app.

In this exam I missed the opportunity to exploit more vulnerabilities, however, I lost a bit the "fear" to write Android applications to exploit a vulnerability. So it felt just like another part of the course to complete your knowledge in Android applications pentesting.

Course: Web Application Penetration Testing eXtreme

This course is the one meant to prepare you for the eWPTXv2 certificate exam.
Even having been working as web pentester for several years before doing the course, it taught me several neat hacking tricks about "weird" web vulnerabilities and ways to bypass protections. Moreover, the course contains pretty nice labs where you can practice what you learn, and that is always helpful to fully understand the vulnerabilities.

I think this course isn't for web hacking beginners (there are other INE courses for that like Web Application Penetration Testing). However, if you aren't a beginner, independently on the hacking web "level" you think you have, I definitely recommend you to take a look to the course because I'm sure you will learn new things like I did.

eWPTXv2

The eLearnSecurity Web Application Penetration Tester eXtreme (eWAPTX) is our most advanced web application pentesting certification. The eWPTX exam requires students to perform an expert-level penetration test that is then assessed by INE’s cyber security instructors. Students are expected to provide a complete report of their findings as they would in the corporate sector in order to pass.

The exam was composed of a few web applications full of vulnerabilities. In order to pass the exam you will need to compromise a few machines abusing web vulnerabilities. However, note that that's not enough to pass the exam, you need to send a professional pentest report detailing all the vulnerabilities discovered, how to exploit them and how to remediate them.
I reported more than 10 unique vulnerabilities (most of them high/critical and presented in different places of the webs), including the read of the flag and several ways to gain RCE and I passed.

All the vulnerabilities I reported could be found explained in the Web Application Penetration Testing eXtreme course. However, order to pass this exam I think that you don't only need to know about web vulnerabilities, but you need to be experienced exploiting them. So, if you are doing the course, at least practice with the labs and potentially play with other platform where you can improve your skills exploiting web vulnerabilities.

Course: Data Science on the Google Cloud Platform

It's a very interesting basic course about how to use the ML environment provided by Google using services such as big-query (to store al load results), Google Deep Learning APIs (Google Vision API, Google Speech API, Google Natural Language API and Google Video Intelligence API) and even how to train your own model.

Course: Machine Learning with scikit-learn Starter Pass

In the course Machine Learning with scikit-learn Starter Pass you will learn, as the name indicates, how to use scikit-learn to create Machine Learning models.

It's definitely recommended for people that haven't use scikit-learn (but know python)

Course: Classification Algorithms

The Classification Algorithms course is a great course for people that is starting to learn about machine learning. Here you will find information about the main classification algorithms you need to know and some mathematical concepts like logistic regression and gradient descent, KNN, SVM, and Decision trees.

It also shows how to create models with with scikit-learn.

Course: Decision Trees

The Decision Trees course was very useful to improve my knowledge about Decision and Regressions Trees, when are they useful, how they work and how to properly tune them.

It also explains how to create tree models with scikit-learn different techniques to measure how good the created model is and how to visualize the tree.

The only drawback I could find was in some cases some lack of mathematical explanations about how the used algorithm works. However, this course is pretty useful for people that are learning about Machine Learning.