Certified Mobile Pentester - iOS
Certified Mobile Pentester - iOS
(CMPen-iOS)
The Certified Mobile Pentester – iOS (CMPen-iOS) exam is an intermediate-level exam to test a candidate’s knowledge on the core concepts of an iOS app security. Candidates must be able to demonstrate practical knowledge to perform static and dynamic analysis of iOS applications to pass this exam.
- Practical
- 4 Hours
- Online
- On-demand
- Real world pentesting scenarios
Our Candidates Say it Best
Joshua A. 
Cybersecurity Grad Student @ UMD | Ex-KPMG | CRTP | CMPen | CAP | CMPen-iOS
I'm happy to share that I've successfully obtained the Certified Mobile Pentester (CMPEN IOS) certification from The SecOps Group after passing a rigorous 4-hour practical examination. This exam provided a smooth and engaging experience, significantly enhancing my expertise in mobile application security, specifically in iOS, across various key areas such as iOS Platform Security, Jailbreak detection & SSL Pinning Bypass, Reverse Engineering, and Network Traffic Analysis.
Caio R '/%3e%3cpath id='l' d='M-26.25 0h52.5v-12h-40.5v-16h33v-12h-33v-11H25v-12h-51.25z'/%3e%3cpath id='k' d='M-31.5 0h12v-48l14 48h11l14-48V0h12v-70H14L0-22l-14-48h-17.5z'/%3e%3cpath id='b' fill-rule='evenodd' d='M0 0a31.5 35 0 0 0 0-70A31.5 35 0 0 0 0 0m0-13a18.5 22 0 0 0 0-44 18.5 22 0 0 0 0 44'/%3e%3cpath id='d' fill-rule='evenodd' d='M-31.5 0h13v-26h28a22 22 0 0 0 0-44h-40zm13-39h27a9 9 0 0 0 0-18h-27z'/%3e%3cpath id='n' d='M-15.75-22C-15.75-15-9-11.5 1-11.5s14.74-3.25 14.75-7.75c0-14.25-46.75-5.25-46.5-30.25C-30.5-71-6-70 3-70s26 4 25.75 21.25H13.5c0-7.5-7-10.25-15-10.25-7.75 0-13.25 1.25-13.25 8.5-.25 11.75 46.25 4 46.25 28.75C31.5-3.5 13.5 0 0 0c-11.5 0-31.55-4.5-31.5-22z'/%3e%3cuse xlink:href='%23a' id='o' transform='scale(31.5)'/%3e%3cuse xlink:href='%23a' id='p' transform='scale(26.25)'/%3e%3cuse xlink:href='%23a' id='r' transform='scale(21)'/%3e%3cuse xlink:href='%23a' id='q' transform='scale(15)'/%3e%3cuse xlink:href='%23a' id='s' transform='scale(10.5)'/%3e%3cg id='m'%3e%3cclipPath id='c'%3e%3cpath d='M-31.5 0v-70h63V0zM0-47v12h31.5v-12z'/%3e%3c/clipPath%3e%3cuse xlink:href='%23b' clip-path='url(%23c)'/%3e%3cpath d='M5-35h26.5v10H5z'/%3e%3cpath d='M21.5-35h10V0h-10z'/%3e%3c/g%3e%3cg id='h'%3e%3cuse xlink:href='%23d'/%3e%3cpath d='M28 0c0-10 0-32-15-32H-6c22 0 22 22 22 32'/%3e%3c/g%3e%3cg id='a' fill='%23fff'%3e%3cg id='f'%3e%3cpath id='e' d='M0-1v1h.5' transform='rotate(18 0 -1)'/%3e%3cuse xlink:href='%23e' transform='scale(-1 1)'/%3e%3c/g%3e%3cuse xlink:href='%23f' transform='rotate(72)'/%3e%3cuse xlink:href='%23f' transform='rotate(-72)'/%3e%3cuse xlink:href='%23f' transform='rotate(144)'/%3e%3cuse xlink:href='%23f' transform='rotate(216)'/%3e%3c/g%3e%3c/defs%3e%3crect width='100%25' height='100%25' x='-50%25' y='-50%25' fill='%23009b3a'/%3e%3cpath fill='%23fedf00' d='M-1743 0 0 1113 1743 0 0-1113z'/%3e%3ccircle r='735' fill='%23002776'/%3e%3cclipPath id='g'%3e%3ccircle r='735'/%3e%3c/clipPath%3e%3cpath fill='%23fff' d='M-2205 1470a1785 1785 0 0 1 3570 0h-105a1680 1680 0 1 0-3360 0z' clip-path='url(%23g)'/%3e%3cg fill='%23009b3a' transform='translate(-420 1470)'%3e%3cuse xlink:href='%23b' y='-1697.5' transform='rotate(-7)'/%3e%3cuse xlink:href='%23h' y='-1697.5' transform='rotate(-4)'/%3e%3cuse xlink:href='%23i' y='-1697.5' transform='rotate(-1)'/%3e%3cuse xlink:href='%23j' y='-1697.5' transform='rotate(2)'/%3e%3cuse xlink:href='%23k' y='-1697.5' transform='rotate(5)'/%3e%3cuse xlink:href='%23l' y='-1697.5' transform='rotate(9.75)'/%3e%3cuse xlink:href='%23d' y='-1697.5' transform='rotate(14.5)'/%3e%3cuse xlink:href='%23h' y='-1697.5' transform='rotate(17.5)'/%3e%3cuse xlink:href='%23b' y='-1697.5' transform='rotate(20.5)'/%3e%3cuse xlink:href='%23m' y='-1697.5' transform='rotate(23.5)'/%3e%3cuse xlink:href='%23h' y='-1697.5' transform='rotate(26.5)'/%3e%3cuse xlink:href='%23j' y='-1697.5' transform='rotate(29.5)'/%3e%3cuse xlink:href='%23n' y='-1697.5' transform='rotate(32.5)'/%3e%3cuse xlink:href='%23n' y='-1697.5' transform='rotate(35.5)'/%3e%3cuse xlink:href='%23b' y='-1697.5' transform='rotate(38.5)'/%3e%3c/g%3e%3cuse xlink:href='%23o' x='-600' y='-132'/%3e%3cuse xlink:href='%23o' x='-535' y='177'/%3e%3cuse xlink:href='%23p' x='-625' y='243'/%3e%3cuse xlink:href='%23q' x='-463' y='132'/%3e%3cuse xlink:href='%23p' x='-382' y='250'/%3e%3cuse xlink:href='%23r' x='-404' y='323'/%3e%3cuse xlink:href='%23o' x='228' y='-228'/%3e%3cuse xlink:href='%23o' x='515' y='258'/%3e%3cuse xlink:href='%23r' x='617' y='265'/%3e%3cuse xlink:href='%23p' x='545' y='323'/%3e%3cuse xlink:href='%23p' x='368' y='477'/%3e%3cuse xlink:href='%23r' x='367' y='551'/%3e%3cuse xlink:href='%23r' x='441' y='419'/%3e%3cuse xlink:href='%23p' x='500' y='382'/%3e%3cuse xlink:href='%23r' x='365' y='405'/%3e%3cuse xlink:href='%23p' x='-280' y='30'/%3e%3cuse xlink:href='%23r' x='200' y='-37'/%3e%3cuse xlink:href='%23o' y='330'/%3e%3cuse xlink:href='%23p' x='85' y='184'/%3e%3cuse xlink:href='%23p' y='118'/%3e%3cuse xlink:href='%23r' x='-74' y='184'/%3e%3cuse xlink:href='%23q' x='-37' y='235'/%3e%3cuse xlink:href='%23p' x='220' y='495'/%3e%3cuse xlink:href='%23r' x='283' y='430'/%3e%3cuse xlink:href='%23r' x='162' y='412'/%3e%3cuse xlink:href='%23o' x='-295' y='390'/%3e%3cuse xlink:href='%23s' y='575'/%3e%3c/svg%3e)
Senior Cyber Analyst | Security Specialist | Pentester | CMPen-iOS
With great satisfaction, I share that I have earned my CMPEN-iOS (Mobile Pentest iOS) by The SecOps Group! This journey was challenging, but extremely enriching as there are currently not many iOS certifications on the market while the demand for pentesting in mobile applications is only increasing. The test demonstrated an intermediate/advanced level of maturity and difficulty, requiring dedication and technical knowledge during the 4 hours of the test.
Mani Sashank '%3e%3ccircle r='20' fill='%23008'/%3e%3ccircle r='17.5' fill='%23fff'/%3e%3ccircle r='3.5' fill='%23008'/%3e%3cg id='d'%3e%3cg id='c'%3e%3cg id='b'%3e%3cg id='a' fill='%23008'%3e%3ccircle r='.875' transform='rotate(7.5 -8.75 133.5)'/%3e%3cpath d='M0 17.5.6 7 0 2l-.6 5L0 17.5z'/%3e%3c/g%3e%3cuse xlink:href='%23a' transform='rotate(15)'/%3e%3c/g%3e%3cuse xlink:href='%23b' transform='rotate(30)'/%3e%3c/g%3e%3cuse xlink:href='%23c' transform='rotate(60)'/%3e%3c/g%3e%3cuse xlink:href='%23d' transform='rotate(120)'/%3e%3cuse xlink:href='%23d' transform='rotate(-120)'/%3e%3c/g%3e%3c/svg%3e)
Lead Security Engineer | Bounty Hunter | CMPen-iOS
This journey has been an incredible learning experience, and I'm thrilled to have expanded my skills in iOS penetration testing. 📱💡 This certification was not only challenging but rewarding, pushing me to deepen my understanding of iOS mobile security. 🛡️🔍 A big shoutout to the support team of The SecOps Group for their unwavering assistance throughout the exam. 🙏 I faced some technical difficulties at the start, but their support team was incredibly kind and efficient in resolving the issues, ensuring a smooth certification process.
Niraj Kharel  scale(5.56106)'%3e%3ccircle r='1'/%3e%3cg id='d'%3e%3cg id='c'%3e%3cpath id='b' d='M.195-.98 0-1.39l-.195.408' transform='rotate(11.25)'/%3e%3cuse xlink:href='%23b' transform='rotate(22.5)'/%3e%3cuse xlink:href='%23b' transform='rotate(45)'/%3e%3c/g%3e%3cuse xlink:href='%23c' transform='rotate(67.5)'/%3e%3c/g%3e%3cuse xlink:href='%23d' transform='scale(-1 1)'/%3e%3c/g%3e%3cg transform='translate(0 58.787) scale(8.1434)'%3e%3ccircle r='1'/%3e%3cg id='g'%3e%3cg id='f'%3e%3cpath id='e' d='M.259.966 0 1.576l-.259-.61'/%3e%3cuse xlink:href='%23e' transform='rotate(180)'/%3e%3c/g%3e%3cuse xlink:href='%23f' transform='rotate(90)'/%3e%3c/g%3e%3cuse xlink:href='%23g' transform='rotate(30)'/%3e%3cuse xlink:href='%23g' transform='rotate(60)'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Pentester | CRTO | CRTE | CRTP | CMPen-iOS
Wrapping up the week with the Certified Mobile Pentester (CMPen - iOS) certificate. The exam is quite interesting and requires a fair amount of analysis of the iOS bundle. It covers topics such as custom Frida scripts, web views, traffic analysis and SSL, iOS application components, third-party libraries, logical issues, hardcoding issues, binary signing inspection, and much more.
Who should take the exam?
CMPen - iOS is intended to be taken by pentesters, security architects and any Mobile security enthusiast, who wants to evaluate and advance their knowledge in iOS application security.
What is the format of the exam?
CMPen - iOS is an intense 4 hour long practical exam. It requires candidates to solve a number of challenges, identify and exploit various vulnerabilities, and obtain flags. The exam can be taken online, anytime (on-demand), and from anywhere. Candidates will need to download the iOS IPA build and connect to the exam VPN server to set up for the exam.
What is the pass criteria for the exam?
The pass criteria are as follows:
- Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
- Candidates scoring over 75% marks will be deemed to have passed with merit.
What is the experience needed to take the exam?
This is an intermediate-level exam. Candidates should have prior knowledge and experience of iOS application pentesting and the associated tactics, techniques and procedures. They should be able to demonstrate their practical knowledge on Mobile security topics by completing a series of tasks on identifying and exploiting vulnerabilities that have been created in the exam environment to mimic the real world scenarios.
Note: As this is an intermediate-level exam, a minimum of two years of professional pentesting/bug-bounty experience is recommended.
What will the candidates get?
On completing the exam, each candidate will receive:
- A certificate with their pass/fail and merit status.
- The certificate will contain a code/QR link, which can be used by anyone to validate the certificate.
What is the exam retake policy?
Candidates are allowed one free retake within the exam fees.
What are the benefits of this exam?
The exam will allow candidates to demonstrate their skills in iOS application pentesting. This will help them to advance in their career.
How long is the certificate valid for?
The certificate does not have an expiration date. However, the passing certificate will mention the details of the exam such as the exam version and the date. As the exam is updated over time, candidates should retake the newer version as per their convenience.
Will you provide any training that can be taken before the exam?
Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have adequate understanding, required experience and practical knowledge of these topics.
Learning Resources
Exam Syllabus
iOS Security Architecture and Permission Model
Understanding of iOS Application and its Component
iOS Application Pentesting Environment
Static and Dynamic Analysis
Reverse engineering iOS applications using XCode or Hopper Disassembler
Understanding of iOS Application Pentesting Tools, such as Cydia (Cydia external Repo and tweaks), 3utools, Hopper Disassembler etc.
Traffic Analysis with Burp Suite and Wireshark
Frida, Objection and MobSF
Jailbreak Detection & SSL Pinning Bypass
Local Authentication and TouchID Bypass
Excessive/Insecure Logging and its Analysis
Side Channel Data Leakage
Error & Exception Handling
Memory Management Issues
Webview Issues
Hardcoding Issues
Obfuscation in the Code
Misconfiguration of FirebaseDB and Appshot instance
Inspection of Binary Signing
Analysis of .plist Files
Common Security Misconfigurations and iOS Security Best Practices
- Insecure Permissions
- Weak Hashing and Cryptography Algorithms
- Insecure Data Storage
- Keychain dump
- Use of Outdated and Vulnerable Technology Components
- Insecure Coding Practice
Pre-requisite
Host Operating System:
Windows/Linux/MacOS with minimum 8GB RAM (MacOS Preferred).
Physical Device with Minimum iOS Version Supported:
iOS 14 or higher (Jailbroken).
Note: Please make sure you have your iOS pentesting environment ready (Jailbroken Physical Device, Burp Suite, or any similar proxy tool along with Frida, objection and other similar pentesting tools) prior to starting the exam. The IPA build will be distributed via TestFlight.Sample Question
Evaluate the application’s anti-reversing checks. Which of the following statements is true in the context of the Jailbreak Detection?
- The Application has a robust Jailbreak Detection implementation.
- The Application lacks any Jailbreak Detection implementation.
- The Application has insufficient Jailbreak Detection, which can be bypassed
- The Application has implemented Jailbreak Detection, and it can not be bypassed