Hey there! How’s everything going? I’m eldeim, that’s my hacker name, but my name is Dani. A few weeks ago I decided to learn about Android hacking/APKs and, while I was at it, get a certification on the same topic. After some research, I came across what “apparently” positions itself in the market as the best in mobile pentesting, the eMAPT.

eMAPT certification cover

Context

I know this certification is not very popular in the pentesting sector, as people don’t usually work much with mobile hacking/APK CTFs since it’s quite a niche topic. But then, why did I decide to take it? And why am I bringing you this review?

Well, the answer is simpler than it seems: why not? I mean, it’s necessary to know how to defend yourself in each and every branch of hacking, so I decided to take it and learn new concepts for myself. Besides, nothing goes to waste: at my job I’ve already had some APK audits, where I was able to put what I learned into practice.

Those of you who start researching mobile hacking/APK certifications will realize that the two most well-known and popular ones are the eMAPT (from INE Security) and the PMPA (from TCM Security). So, after a lot of research (and getting inspired by Carlos Polop xD), I decided to take the eMAPT.

How was my preparation?

Well, to start with, I had very little time, so I had to tryhard it. It took about three weeks for my learning process, and honestly, it wasn’t as easy as I thought.

Note: I started from zero knowledge about Android and everything related to it.

The first thing I did was take advantage of an offer that came out for the eMAPT, which was my starting point. In total, it cost me about €260 approximately. The truth is that the course content was promising, being this:

  • Reconnaissance and Static Analysis (20%)
  • Dynamic Testing and Runtime Manipulation (20%)
  • API and Backend Security Testing (15%)
  • Mobile Application Security Fundamentals (10%)
  • Threat Modeling and Attacker Mindset (10%)
  • Reverse Engineering and Code Deobfuscation (10%)
  • Mobile Malware Analysis (10%)
  • Reporting and Communication (5%)

eMAPT course content

About 50 hours of videos, with 21 labs… And to be honest, more labs need to be added for this certification.

eMAPT course labs

Now comes the most important part: taking notes! Here are my recommendations to learn faster and not suffer so much.

This certification is, well, the truth is I’m slightly a hater of INE Security. Of the three certifications I did with them, I didn’t like any of them. BUT, leaving that aside, this certification is somewhat weird.

The first module is about 18 hours of theoretical videos, a real pain, honestly. But well, it’s necessary to understand the basics. The second module is the most practical: that’s where almost all the Android and iOS labs are, and it’s obviously the most interesting. And as you’ll see, the last module (which I didn’t finish completely out of pure desperation 😅), although it’s the shortest in hours, turns out to be the most important.

Note: if I had to organize the modules by order of importance, it would definitely be from bottom to top

Tips

Honestly (ignoring the intro): you can kind of skip the first module, but not the second and, especially, not the last one! The certification and modules are so poorly planned that there isn’t a single practical lab where you have to use FRIDA to bypass root restrictions.

So, definitely do this last one; now you’ll understand why.

eMAPT course modules

Reinforcing knowledge

Don’t just stick with what INE offers. In my case, I paid for a month of TCM Security to be able to see all the content of their Mobile Application Penetration Testing course:

TCM Security course on mobile pentesting

The only problem I see with this course is that there are no final labs or CTFs.

What is the exam like?

The exam lasts 12 hours, you have to answer 45 questions (including flags) and it consists of three parts:

  1. Theoretical questions
  2. Questions about static analysis
  3. Practical part with flags from 2 Android APKs

For the theoretical part of the questions, I did them manually and, when I finished the exam, I was checking them with ChatGPT. And… warning! It makes quite a few mistakes.

There’s something you need to be very clear about, which I already mentioned in the tips: in both apps you have to bypass or avoid measures with FRIDA, and yes, in the courses there isn’t a single practical lab that forces you to do it. There are only some videos where they touch on the topic very briefly.

As for the exam, honestly, it was fine. But the modules… (I’ve grown quite a dislike for them 😂). I learned more in the exam than watching all the modules, because solving both complete APKs without having touched FRIDA before was crazy, but not impossible.

Finally, to pass, you must get at least 70% of the questions correct. In my case, I did it in about 10 and a half hours approximately.

Is it worth it?

Despite everything that happened, yes! Whether I like it or not, in one way or another, INE teaches you. And I currently know things I didn’t before. So, if you want to learn about mobile hacking/APKs, it could be good, BUT with these steps:

  • Watch the last two modules/videos/labs, completely.
  • Take notes on everything, especially the last malware module.
  • Don’t trust that if I do all the labs well, I’ll pass the exam; this is not true: there are many things that are crucial in the exam (literally: if you don’t do them you can’t advance and you fail) that don’t have A SINGLE LAB.
  • And finally, know how to use FRIDA with the Frida CodeShare modules it normally has:

Frida CodeShare modules

Conclusion

You learn a lot about defending yourself in the mobile hacking/APKs field; the certification is good. You will need to supplement the learning with external resources, but it’s still worth it, especially if you’re looking for an accreditation that backs up what you know how to do.

Share on X Share on LinkedIn Share on Telegram
Comment on Discord Visit the author page