Certified Mobile Pentester - Android
(CMPen-Android)

Certified Mobile Pentester – Android (CMPen-Android) is an intermediate-level exam that tests a candidate's knowledge of the core concepts of mobile (Android) security. To pass, candidates must demonstrate practical ability to perform static and dynamic analysis of Android applications.

  • Practical
  • 4 Hours
  • Online
  • On-demand
  • Real world pentesting scenarios
£250

Our Candidates Say it Best

Diego Huaman Cherres

Cybersecurity Engineer | eWPTv2 | CAPen | CNSP | CAP | eJPT | LCSPC | CMPen-Android

I just passed the Certified Mobile Pentester (CMPen) – Android certification from The SecOps Group with a 100% merit score! 😁 I consider it to be an excellent certification for testing the static and dynamic analysis of an APK, cryptographic analysis, and exploiting application logic vulnerabilities. I'm very grateful for the support and study material provided by my colleagues.

Oryon Farias

Pentester | Red Team Leader | Mobile Security Engineer | Offensive Security | CMPen-Android

I just passed The SecOps Group mobile pentest (Android) exam!!! The test lasts a maximum of 4 hours, with 14 flags to be submitted on the platform! It is necessary to have knowledge in reverse engineering, root bypass techniques, SSL pinning and similar; it requires intermediate/advanced knowledge and includes knowledge in instrumentation with Frida, Objection and tools commonly used in mobile pentesting! I want to thank The SecOps Group for the opportunity!!!

Hernan Rodriguez

Senior Offensive Cybersecurity | Red Team | eCPTX | CMPen-Android

I am happy to share my certification 'Certified Mobile Pentester (CMPen-Android)'; I had a lot of fun in this exam. The exam covered many business logic vulnerabilities, misconfiguration, access logs, bypass root & SSL pinning, known vulnerabilities and, most of all, it was entertaining. Thank you very much.

Who should take the exam?

CMPen-Android is intended for pentesters, security architects and any mobile security enthusiast who wants to evaluate and advance their knowledge of Android application security.

What is the format of the exam?

CMPen-Android is an intense 4-hour practical exam. It requires candidates to solve a number of challenges, identify and exploit various vulnerabilities, and obtain flags. The exam can be taken online, at any time (on-demand) and from anywhere. Candidates will need to download the Android APK build and connect to the exam VPN server to set up for the exam.

What is the pass criteria for the exam?

The pass criteria are as follows:

  • Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
  • Candidates scoring over 75% marks will be deemed to have passed with merit.

What is the experience needed to take the exam?

This is an intermediate-level exam. Candidates should have prior knowledge and experience of Android application pentesting and familiarity with its common tactics, techniques and procedures. They should be able to demonstrate their practical knowledge of mobile security topics by completing a series of tasks that involve identifying and exploiting vulnerabilities created in the exam environment to mimic real-world scenarios.

Note: As this is an intermediate-level exam, a minimum of two years of professional pentesting/bug-bounty experience is recommended.

What will the candidates get?

On completing the exam, each candidate will receive:

  • A certificate with their pass/fail and merit status.
  • The certificate will contain a code/QR link, which can be used by anyone to validate the certificate.

What is the exam retake policy?

Candidates who fail the exam are allowed one free retake, included in the exam fee.

What are the benefits of this exam?

The exam allows candidates to demonstrate their skills in Android application pentesting, which will help them advance in their career.

How long is the certificate valid for?

The certificate does not have an expiration date. However, the passing certificate will state the details of the exam, such as the exam version and the date. As the exam is updated over time, candidates should retake the newer version at their convenience.

Will you provide any training that can be taken before the exam?

Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have adequate understanding, required experience and practical knowledge of these topics. Further, the following independent resources can be utilised to prepare for the exams.

Learning Resources

  • Kontra (free; training)
  • Payatu (free; training)
  • Security Compass (paid; training)
  • seedlabs (free; training)
  • attackdefense.com (free; training)
  • damnvulnerableiosapp (free; training)
  • McAfee (free; training)
  • OWASP (free; training)
  • revolutionelite.co.uk (free; training)
  • mobilehackinglab (free and paid; training)
  • Hackthebox (free and paid; training)
  • dvba.apk (free; training)
  • Security Compass (free; training)

Exam Syllabus

  • Android Security Architecture and Permission Model
  • Android Application Components
  • Understanding of the Android Application Pentesting Environment
  • OWASP Mobile Top 10
  • Static and Dynamic Analysis
  • Reverse Engineering Android Applications
  • Understanding of Android Application Pentesting Tools, such as adb, Drozer, jadx-gui, logcat, etc.
  • Traffic Analysis using Burp Suite and Wireshark
  • Frida, Objection and MobSF
  • Root Detection & SSL Pinning Checks
  • Excessive/Insecure Logging and its Analysis
  • Hardcoding Issues
  • Obfuscation in the Code
  • Misconfigured Database Storage
  • Understanding and Exploitation of Insecure Activities and Content Providers
  • Exploitation of Logic Flaws
  • Inspection of Certificate and Signing Schema
  • Common Security Misconfigurations and Android Security Best Practices:
      ◦ Insecure Permissions
      ◦ Encryption and Cryptography
      ◦ Insecure Storage of Data
      ◦ Use of Outdated and Vulnerable Technology Components
      ◦ Insecure Coding Practice

Pre-requisite

Host Operating System:

Windows/Linux/macOS with a minimum of 8 GB RAM to run virtual machines or emulated devices.

Physical Device with Minimum Supported Android Version:

Android 7.0 / SDK 24.

Emulator with Minimum Android Version Supported:

Android 7.0 / SDK 24.

The Android application has been tested against the following devices and emulators (not an exhaustive list):

Genymotion:

  • Android 7.0, 7.1, 8.0, 9.0, 10.0 and 11
  • Android 7-10 (32-bit x86) and Android 11 (64-bit x86_64)

Memu (Android 7.1.2)

Nox (Android 7.1.2)

Physical Devices (most physical devices running Android 7.0 and above are supported; here are a few we have tested on):

  • Moto G9 Power (Android 11)
  • Redmi 9A (Android 11)
  • Pixel XL 2 (Android 11)
  • MI A2 (Android 10)
  • Poco X3 (Android 12)
  • Moto G40 Fusion (Android 12)

Note: Please make sure your Android pentesting environment is ready before taking the exam (an Android emulator or physical device, Android platform tools, and Burp Suite or a similar proxy tool).

Sample Question

The Android application you are testing has implemented insecure logging practices, resulting in the logging of sensitive information. Your task is to obtain the credentials logged by the application and use them to log in to the "Admin" portal. After successful login, you will be able to retrieve the flag. Provide the flag below: