8kSec Academy
Self-paced Course

Practical Mobile Application Exploitation (On-demand)

Designed for both beginners and advanced enthusiasts, you'll learn how to reverse engineer and conduct thorough security audits of iOS and Android applications. You'll get a deeper insight into common bug categories, and detailed walkthroughs on how to exploit them. Learn how tools like Ghidra, Frida, LLDB, and more can be used to assist you during Mobile application assessments, or research.
  • Level

    Beginner / Intermediate

  • Video

    23 hours - 140 videos

  • CERTIFICATION EXAM

    Included

A path to
CMSE certification

Key Objectives

  • Learn how to set up your own Lab environment for Mobile application testing
  • Learn how to Reverse engineer iOS and Android binaries (Apps and system binaries)
  • Get PoC applications to perform 1 click exploits on Mobile apps
  • Learn the difference between reversing apps in different languages such as Objective-C, Swift etc
  • Learn how to debug iOS and Android apps
  • Get an intro to common bug categories on Android and iOS systems
  • Understand and bypass anti-debugging and obfuscation techniques
  • Learn how to leverage Frida for dynamic analysis by mastering techniques such as tracing, function hooking, and inspecting app behavior in real-time
  • Learn to audit iOS and Android apps for security vulnerabilities
  • Learn how to Intercept traffic in iOS/Android apps for both native and cross-platform frameworks
  • Learn manual and automated ways of bypassing security mitigations
  • Learn to identify vulnerabilities in native as well as Cross-platform apps
  • Learn to exploit different IPC mechanisms in iOS and Android apps
  • Get a detailed walkthrough on using Hopper, Ghidra, etc
  • Understand how to implement Anti-Fraud techniques in Mobile apps
  • Secure Mobile apps by implementing custom solutions
  • Become a Certified Mobile Security Engineer (CMSE)

Who Should Attend?

This course is for penetration testers, mobile developers or anyone keen to learn mobile application security. It’s also ideal for security enthusiasts who want to explore mobile security concepts, tools, and techniques in greater detail.

Prerequisites

To successfully participate in this course, attendees should possess the following:
  • Working knowledge of cybersecurity and pentesting fundamentals
  • Basic working knowledge of iOS and Android platforms
  • Basic Linux skills and command-line proficiency
  • Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
  • Basic ARM/AARCH64 binary assembly knowledge is recommended, but not required

Duration

  • 365 days of access after purchase

Technical Requirements

  • Laptop with 8+ GB RAM and 40 GB hard disk space
  • Administrative access on the system
  • A physical jailbroken iOS device running iOS 16.x or later, or access to a virtualized environment such as Corellium, is required to complete the labs.
  • To complete the labs, a physical Android device with root access running Android 12.x or later, or access to a virtualized environment like Corellium or an emulator, is required.

Need To Justify To Your Manager?

Need a Template to Justify the Training Request to your Manager? Download the Template below.

Syllabus

Unlock Job Opportunities

Gain the in-demand skills to pursue career opportunities such as:

Lead Application Penetration Tester*

A Cybersecurity Testing & Consulting Firm

$150,000 - $180,000 a year

Required Qualifications

- Bachelor’s degree in Computer Science, Software Engineering, or related field, or equivalent job experience
- Thorough security testing of developer workflows and mobile applications (iPhone and Android), including identification of security issues and vulnerabilities
- Proficiency in multiple programming languages and understanding of secure coding practices

Read more

iOS Application Security Engineer*

A Cyber-Risk Consulting Firm

$150,000 - $200,000 a year

Required Qualifications

- Bachelor’s degree in Computer Science, Information Security, or a related field, or 5+ years in mobile application development
- Proficiency in iOS frameworks (UIKit, Core Data) and Android frameworks
- In-depth knowledge of mobile security vulnerabilities (OWASP Mobile Top 10) and remediation techniques
- Familiarity with mobile security testing tools (e.g., MobSF, Drozer, Burp Suite, OWASP ZAP)

Read more

Senior Lead Security Engineer - Mobile*

A Global Banking Corporation

$147,700 - $190,000 a year

Required Qualifications

- Formal training or certification on Mobile Development concepts and 5+ years applied experience
- Strong understanding of mobile application security risks and mitigation strategies for both Android and iOS platforms
- Experience in implementing or managing mobile security operations
- Familiarity with CI/CD pipelines, DevSecOps methodologies, and secure software development practices

Read more

*This is a compiled job description based on actual postings from LinkedIn and Indeed.

Included

CERTIFIED MOBILE SECURITY ENGINEER (CMSE)

This training qualifies you for the Certified Mobile Security Engineer (CMSE) Certification. This certification signifies your ability to decipher Vulnerability Reports and conduct comprehensive Vulnerability Research (VR) using specialized tools within these platforms.
Exam Duration : 48 hours

START LEARNING

Practical Mobile Application Exploitation course

Early Bird Offer
  • Lecture recordings and self-assessments
  • Certification of course completion
  • Certified Mobile Security Engineer Exam Attempt
  • Post-training support
Enroll now and enjoy:
  • Early bird price (limited)
  • 365 days of access + 90 days early registration bonus access

Enroll a group

Get in touch for pricing
Includes everything from the individual rate, plus:
  • Special group pricing
  • Oversee and track the progress of group members

Enterprise

Get in touch for pricing
Includes everything from the group rate, with the ability to manage multiple seats and track student progress across all courses. Contact us with your preferred courses and number of students for a customized quote.

Practical Mobile Application Exploitation course

On-demand
  • Immediate access to materials
  • Lecture recordings and self-assessments
  • 365 days of access
  • Certification of course completion
  • Certified Mobile Security Engineer Exam Attempt
  • Dedicated email support

Enroll a group

Get in touch for pricing
Includes everything from the individual rate, plus:
  • Special group pricing
  • Available add-ons to Oversee and track individual student progress for large groups

Enterprise

Get in touch for pricing
Includes everything from the group rate, with the ability to manage multiple seats and track student progress across all courses. Contact us with your preferred courses and number of students for a customized quote.

Created by

8kSec Academy

Our instructors are experts with over a decade of hands-on experience in mobile security, IoT exploitation, and vulnerability assessment. They've delivered numerous private trainings to high-profile clients and shared their knowledge at renowned conferences like BlackHat, Def Con, POC, TyphoonCon, Brucon, Hack in Paris, Phdays, Appsec USA, and more.

With thousands of students having completed our courses, our instructors continually refine their content based on real-world feedback. Whether through live sessions or our new on-demand courses, we ensure the same high-quality learning experience is accessible to professionals worldwide.