Course Overview

This course focuses on Android and iOS Mobile Application Penetration testing. The course will demonstrate common techniques to extract sensitive data from Android and iOS Application such as API Keys, stored secrets, and firebase databases, and provide a solid foundation for continuing a career as a Mobile Application Penetration Tester. This course will cover the common methodologies and practices you can utilize to start Bug Bounty hunting mobile applications.


Requirements:

The student should have:

  • A basic understanding of Web Application or API-based penetration testing
  • Some familiarity with Mobile Application platforms such as iOS and Android (like how to navigate to settings, install applications, etc.) is expected.

For the Android section of this course the following device requirements will apply:

  1. Windows, Linux, or MacOS based machine
  2. 16 GB of RAM or more (to run virtual machines as well as emulated devices)
  3. At least 250GB of available storage

For the iOS Section of this course the following device requirements will apply:

  1. MacOS-based Machine (Macbook, Mac Mini, etc.), or Linux-Based physical machine with preferably with 16 GB of RAM as well as at least 250GB of available storage
  2. Physical iPhone or iPad running iOS 16.x or less (for jailbreaking purposes)


What will I learn?

  1. How to follow the Penetration Testing and Mobile Application Penetration Testing Processes
  2. How to setup a lab environment to analyze both iOS and Android Mobile applications that are pulled directly from the Apple and Google Play Stores
  3. Manual analysis of Mobile Applications for sensitive information such as URLs, Storage Buckets, Firebase Databases, and other Stored Secret
  4. Automated analysis of Mobile Applications by using tools like MobSF
  5. How to break SSL Pinning by using Objection and Frida for both iOS and Android
  6. The OWASP Top Ten for Mobile
  7. How to jailbreak an iOS device



Hacking Into Computer Example

Course Curriculum - 9 Hours


  Introduction and Course Resources
Available in days
days after you enroll
  Penetration Testing Process
Available in days
days after you enroll
  Android Intro and Security Architecture
Available in days
days after you enroll
  Android Lab Setup
Available in days
days after you enroll
  Android Static Analysis
Available in days
days after you enroll
  Android Dynamic Analysis
Available in days
days after you enroll
  Android Bug Bounty Hunt
Available in days
days after you enroll
  BONUS - Android Red Teaming
Available in days
days after you enroll
  iOS Introduction and Architecture
Available in days
days after you enroll
  iOS Lab Setup
Available in days
days after you enroll
  iOS Static Analysis
Available in days
days after you enroll
  iOS Dynamic Analysis/Jailbreaking
Available in days
days after you enroll
  iOS Bug Bounty Hunt
Available in days
days after you enroll
all-access membership wolf logo

This course is included in our
All-Access Membership
starting at $29.99/month

Get full access to the Practical Ethical Hacking course and our full course catalog when you enroll in our All-Access Pass Membership.

About the Instructor

Aaron is a passionate security professional with experience in the Fortune 50. He is a Principal Penetration Tester at TCM Security, responsible for Mobile Application Penetration Testing of over 20 Mobile Apps. He is also an avid Capture the Flag Creator and has published multiple rooms on TryHackMe. Aaron is also CEO and Founder of the Wilson Security Group and publishes videos on YouTube on security topics and cybersecurity certification reviews.


Aaron holds certifications such as the eMAPT, CISSP, eCPPTv2, eWAPTv2, CEH, and eJPT certifications among others. He holds a bachelor's degree in Security and Risk Analysis from Penn State University as well as a Master's in Information Assurance and Cybersecurity from Western Governor's University (WGU).


Follow Aaron on Social Media:

LinkedIn - https://www.linkedin.com/in/wilson-security

YouTube - https://www.youtube.com/c/WilsonSecurityGroup

TryHackMe Hacker Methodology - https://tryhackme.com/room/hackermethodology

Frequently Asked Questions


Can I get a refund if I'm unhappy with my purchase?

Yes. All courses come with a 24-hour money-back guarantee.


Will I receive a certificate of completion when I finish a course?

Yes. All courses come with a certificate of completion.

Do the courses count as Continuing Education Units (CEUs)?

Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.

What is the All-Access Pass?

As of July 1st, 2023 TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.


What if you already own courses on TCM Academy?

If you already own a course on our platform, you will continue to own that course forever. Previously owned courses will not be affected by this change.


I can see the course, but it won’t load or play. What should I do?

We use Cloudflare to protect our course platform and unfortunately, it does not play nice with VPNs. If you are experiencing issues, turn off your VPN and try again. If that does not solve the issue, please contact our support team at [email protected] and we will help you out.