Categories: Certificates

eMAPT & Mobile Apps/Sec Guide

Introduction

On May 23rd, 2022, I successfully passed my eMAPT exam from eLearnsecurity. Whenever I strive to obtain a certification, I always follow a set of steps to ensure a thorough understanding of the topic. These steps are:

  1. Understanding and learning the topic as a developer or IT professional.
  2. Applying and practicing the topic through building applications, for instance.
  3. Learning and applying the security aspect of the topic.

In this blog, I will provide an honest review of the eMAPT course and exam, as well as offer a guide for mobile application security.

You can join the eMAPT Telegram group from the following link: https://t.me/+pBYo2XBMfa5hNGFk

Course Content

The eMAPT course content was simple and not too bad, so it does not require a lot of description. However, there were some parts that were not clear, particularly in the early modules. If you are a beginner or someone with no prior knowledge, you will learn a lot, but if you have previous experience, you may not learn as much. The course covers both major mobile computing platforms, Android and iOS, starting with the OS architecture, followed by the setup of the necessary environment for the course. The course then moves on to the application building process and discusses how to hack each OS, either through rooting Android or jailbreaking iOS. Finally, the course covers vulnerabilities and security issues that can affect applications on both platforms, as well as how to test for these issues through static and dynamic analysis. Overall, the content is simple and easy to understand.

The Exam

For the exam, it is important to have both development and security knowledge related to the topic. You will be tested on your ability to develop applications, identify specific security vulnerabilities, and create an app that exploits these vulnerabilities. Note that there are no iOS apps included in the exam, but if you have the necessary equipment such as a Mac and iPhone, it is recommended that you study iOS development specifically.

Mobile App/Sec Guide

More important than the certificate itself is building the knowledge and skills of the topic. So let’s move on with this guide, which I put together from my own view. You don’t have to follow it fully, but I explained each part to make everything clear from my point of view:

How to enhance your skills and knowledge, and also prepare for the eMAPT?

Before learning how to hack the thing, learn the thing, do the thing, and then hack the thing.

So, first come the basics of both Android & iOS: development, security, and also pentesting.

So, we will start with the basics from TCM Academy. That course will give you some basic knowledge and skills about both Android & iOS from the security & pentesting side, so you will be able to understand the upcoming courses from the security side and develop your security mindset further.

TCM Academy link: https://academy.tcm-sec.com/p/mobile-application-penetration-testing

The second step is to study the eMAPT course materials, but when we reach the Application Fundamentals module, we move to development in Android or iOS, depending on the section you are studying. Here are two courses that I recommend for the development side:

Android Development:
https://www.udemy.com/course/android-development-and-android-application-hacking/

iOS Development:
https://www.udemy.com/course/iphone-developer-course/

You can also look for whichever development resources you find good for you.

Now you can complete the eMAPT course & learning materials, and after that we will do the following:

As we know, mobile app pentesting is divided into two parts. The first is static analysis, which is reverse engineering the application and reading the code to understand it and spot vulnerabilities, hardcoded credentials, etc. The second is dynamic analysis, which is testing the application at runtime, such as looking for insecure data storage, leaks, network traffic, and many more.
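To make the static-analysis part concrete, here is an added example (my own code, not part of the original post or of any course listed here) that audits two files you would pull out of a decoded APK: `AndroidManifest.xml` for risky application flags and components exported without a permission, and `res/values/strings.xml` for hardcoded-credential patterns. The two XML documents are constructed samples embedded inline, and the secret patterns (AWS-style and Google-style key prefixes, a long high-entropy value) are assumptions chosen for illustration; a real review would extend the list and also grep the decompiled Java/Kotlin sources.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def _is_launcher(component):
    """True if the component carries the LAUNCHER category (expected to be exported)."""
    return any(_attr(c, "name") == "android.intent.category.LAUNCHER"
               for c in component.iter("category"))


def audit_manifest(manifest_xml: str) -> list[str]:
    """Flag risky <application> flags and exported components with no permission guard."""
    findings = []
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return findings
    for flag in ("debuggable", "allowBackup", "usesCleartextTraffic"):
        if _attr(app, flag) == "true":
            findings.append(f'manifest: android:{flag}="true" on <application>')
    for comp in app:  # direct children: activity / service / receiver / provider
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        exported = _attr(comp, "exported") == "true" or comp.find("intent-filter") is not None
        if exported and _attr(comp, "permission") is None and not _is_launcher(comp):
            findings.append(f"manifest: exported <{comp.tag}> {_attr(comp, 'name')} "
                            "without android:permission")
    return findings


# Resource names that usually hold credentials, and value shapes that look like keys.
SECRET_NAME_RE = re.compile(r"(api[_-]?key|secret|password|passwd|token|private[_-]?key)", re.I)
SECRET_VALUE_RES = [
    ("AWS-style access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("Google-style API key", re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b")),
    ("long high-entropy token", re.compile(r"^[A-Za-z0-9+/=_\-]{32,}$")),
]


def audit_strings(strings_xml: str) -> list[str]:
    """Flag <string> resources whose name or value suggests a hardcoded credential."""
    findings = []
    root = ET.fromstring(strings_xml)
    for s in root.iter("string"):
        name = s.get("name", "")
        value = (s.text or "").strip()
        if not value:
            continue
        if SECRET_NAME_RE.search(name):
            findings.append(f"strings.xml: suspicious resource name '{name}'")
            continue  # one finding per entry is enough
        for label, rx in SECRET_VALUE_RES:
            if rx.search(value):
                findings.append(f"strings.xml: '{name}' matches the {label} pattern")
                break
    return findings


# Constructed sample files (not taken from any real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SyncReceiver" android:exported="true"/>
    <provider android:name=".DataProvider" android:authorities="com.example.demo.data"
              android:exported="true" android:permission="com.example.demo.READ"/>
  </application>
</manifest>"""

SAMPLE_STRINGS = """<resources>
  <string name="app_name">Demo</string>
  <string name="api_key">d41d8cd98f00b204e9800998ecf8427e</string>
  <string name="backup_bucket_key">AKIAIOSFODNN7EXAMPLE</string>
  <string name="welcome">Welcome back</string>
</resources>"""


def run_audit(manifest_xml=SAMPLE_MANIFEST, strings_xml=SAMPLE_STRINGS) -> list[str]:
    return audit_manifest(manifest_xml) + audit_strings(strings_xml)


if __name__ == "__main__":
    for line in run_audit():
        print(line)
```

The launcher activity is deliberately skipped (it has to be exported), while the receiver with `android:exported="true"` and no `android:permission` is reported and the provider guarded by a permission is not; that distinction is what separates a useful manifest check from noise.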

  • Static Analysis courses: The following two courses focus more on static analysis and on vulnerabilities such as the OWASP Mobile Top 10, how to use drozer, and have a small part about exploit development against mobile app libraries.

Android:
https://insectechs.usefedora.com/p/android-application-penetration-testing-7536

iOS:
https://insectechs.usefedora.com/p/ios-application-penetration-testing-ethical-hacking-domain-7542

  • Dynamic Analysis:

Now, after you have done your static analysis and understand the logic of the app, let’s go for the dynamic analysis part. In this part you run the application and start to analyse the behaviour of the app and network flaws, and try to exploit the behaviour and other flaws that show up during runtime.

Android:
https://www.udemy.com/course/hacking-and-pentesting-android-applications/

iOS:
https://www.udemy.com/course/hacking-and-pentesting-ios-applications/

Now we can say that we have filled most of the gaps we might have, and if you want to go deeper and advance your level, you can start reading the books. The books are divided into two parts: the first part relates to the applications themselves, and the second part relates to exploit development, in terms of exploiting something like the native C/C++ libraries used in the applications, and so on.

First part, focusing on applications:

OWASP Mobile Security Testing Guide: https://owasp.org/www-project-mobile-security-testing-guide/

Mobile Application Penetration Testing: https://www.amazon.com/Mobile-Application-Penetration-Testing-Vijay-ebook/dp/B019IOX4Y2/

The following book focuses more on applications, and it has a part about exploit development in native libraries.

The Mobile Application Hacker’s Handbook: https://www.amazon.com/Mobile-Application-Hackers-Handbook/dp/1118958500/

Second part, focusing on exploit development:

This is especially for the exploit development section. These books explain the internals of mobile operating systems such as Android & iOS, and they are divided into two parts. The first part focuses on in-depth analysis and understanding of the operating systems, how they work, and their architecture. The second part focuses more on exploit development.

The first book helps you understand mobile operating systems in a more in-depth and broad way through digital forensic analysis: Practical Mobile Forensics: https://www.amazon.com/Practical-Mobile-Forensics-hands-mastering/dp/1788839196

This is the second section, which focuses more on exploit development:

Android Hacker’s Handbook: https://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X/

iOS Hacker’s Handbook: https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123/

Don’t forget to conduct your own research and read articles/blogs. Additionally, there is a distribution built on Ubuntu called Mobexler, which is a mobile app security and pentesting distribution. It comprises all the tools and frameworks necessary for mobile app pentesting. There is also a checklist available for both Android and iOS app pentesting that you can follow.

Download link:
https://lnkd.in/gTunVyXW

Checklist link:
https://lnkd.in/gbKAgxir

Tools used:
https://lnkd.in/gkZDDKas


eCPTX: The Honest Review

eCPTX

Introduction

You can join the eCPTX telegram group from here: https://t.me/+csiefYe1ksMyMWZk

On June 17th, 2022, I successfully completed the eCPTX exam from eLearnsecurity and received my certification. At the time, I was working and had a lot of responsibilities, so I didn’t have a chance to study the course material beforehand. Instead, I relied on my previous experience and what I had gathered, and used it during the exam. I will now provide an honest review of the eCPTX overall, in more detail than the eCPPT one, because there are a lot of things I saw in other people’s reviews that don’t make sense.

Course Content

For the eCPTX course content, I was disappointed with a lot of stuff. The content is as follows:

  • Penetration Testing: Preparing the Attack
  • Penetration Testing: Red Teaming Active Directory
  • Penetration Testing: Red Teaming Critical Domain Infrastructure
  • Penetration Testing: Evasion

Penetration Testing: Preparing the Attack

This part was all about email security and phishing. You will learn about email security like SPF, DKIM and DMARC, in addition to phishing attacks and ways to use macros, and it will show you case studies of macros used by APTs. Finally, C2 and redirectors. You think it’s cool, right? No, because if someone has no idea about macros or VBA, they will not be able to understand, and a lot of things will fall apart while learning. Besides that, the module should teach you how to develop macros to use in your engagement, but all I saw was case studies and methods without writing any macros. So we can say that this section is showing you knowledge, or giving you some knowledge. In the video related to this section, it shows how to take code that has been used before and reuse it by modifying it. It’s a good point, but it will be hard to make that work against modern solutions. In summary, in my opinion it would have been better to teach how to develop macros from scratch up to an advanced level, as this certificate falls under the Red Teaming part. But it still has good topics like the redirectors, though still not everything is explained clearly in this section. But overall, if you are familiar with these topics and have previous knowledge about them, you will find that it’s all fine for you.

Penetration Testing: Red Teaming Active Directory

I can say the real fun starts here, as this section doesn’t have a lot of unclear things. But in my opinion, the only thing that I didn’t like is that the first part of this section, which was Advanced Active Directory Reconnaissance & Enumeration, didn’t first cover what Active Directory is or its basics; that is in the second part/PDF, so it should be in the first PDF. But it discusses how to start enumerating and obtaining information from a non-joined machine, which is something good, and also attacking a Linux machine joined to the AD, which is not common for people to talk about. The second PDF, which is Red Teaming Active Directory, was actually cool, and here it started by explaining the Active Directory environment, moving on to traditional Active Directory attacks like LLMNR poisoning, downgrading NTLM, and more. Then it talks about PowerShell defenses and bypasses, abusing Active Directory features and components, moving laterally, browser pivoting, and many more.

Penetration Testing: Red Teaming Critical Domain Infrastructure

This section talks about components and services used in Windows like MS Exchange, WSUS & MSSQL. It does not have that much information, but it’s fine to learn from it, and you can find other blog series online that talk in much more detail, which would help you; you could also find online material on abusing something like SCCM.

Penetration Testing: Evasion

This section explained the AMSI architecture and some bypasses, moving on to other methods and components like sensitive groups that solutions can use for detection, also other solutions like EDRs and techniques to bypass and evade them, and after that developing a custom payload, which I can say is a good one. Finally, the section I liked most in the course is the second section, and I explained why. My final words are: if the course relied on using and abusing built-in commands, functions and features, for example, it would be absolutely amazing content, as it would reduce detection in real-world engagements.

The Exam

Now, let’s talk about the exam. But before this, I mentioned something: when I searched for reviews of the eCPTX, I found one thing common between most of the people that went through the exam, which is that some of them failed because they had to find 3 paths or 3 ways to access the targeted domain. But the funny part here is that if you go through the RoE (Rules of Engagement), you can clearly see in the document that one of the rules to pass the exam is to identify 3 ways to access the targeted domain. And others saw it as a really hard exam. But overall, as I mentioned before, I took the exam and passed without studying the content (that doesn’t mean I am 1337 "elite"; I’m giving my opinion honestly and what I see from my point of view). You may find the content so wow and amazing that, therefore, the exam will be extremely hard. But no, the exam was normal, and if you have dealt with .NET stuff and reversed some of it, it would be easy for you. For me, I was reversing the .dll files from Unity games in the past to modify them. So I can say the exam was normal, not too easy and not too hard, and it really would have been hard if we applied everything the content teaches, and I would have been failing in it. In the exam environment you may face some issues; for example, you could try to perform an attack, but it will not work, and when you restart the exam lab and try again, it will work. At the end, thanks for taking the time to read, and if you want books to read, I would recommend books like Anti-Virus Bypass Techniques, The Hacker Playbook 3, and Advanced Infrastructure Penetration Testing.

Resources:

Red Team Infrastructure & Macros

Active Directory and lateral movement

Attacking MSSQL, WSUS, Exchange and SCCM

Evasion


eCPPT course & exam: The Honest Review

eCPPTv2

Introduction

On February 4th, 2022, I successfully passed the “eCPPT” exam from “eLearnsecurity” and obtained the certification. Prior to this, I had previous experience with penetration testing and was already working as a penetration tester. In this blog, I will be providing my simple honest opinion on the course and exam.

Course Content

The course content was overall good, in my opinion. It was filled with a lot of information and knowledge to learn. However, there were some cons that I did not like. Specifically, in some sections of the course, certain points were not explained clearly or completely, and were more like definitions or short sentences. Despite this, the overall content was good and anyone can learn new things, whether they have previous knowledge or not. The section that I particularly liked in the course was the “Network Security” section, as it was the longest and biggest section in terms of content. It covered a lot of different types of attacks and techniques that can be used for penetration testing on networks, both internally and externally. I also appreciated the inclusion of sections on “Wireless Security” and “Metasploit & Ruby,” as these topics are not covered as frequently and are important for a penetration tester to know, as you may encounter wireless networks during engagements or projects. However, the course does not cover any content on attacking Active Directory; that is included in the eCPTX certificate course content.

If I were to make some recommendations for preparing for the exam, I would suggest reading the following books:

  • “Penetration Testing with Shellcode”
  • “The Hacker Playbook 2” (which contains active directory).

Additionally, I would recommend going through the “Tryhackme” learning paths such as the “Jr Penetration Tester” path and the “Offensive Security” path. You will notice that the “Offensive Security” path also covers active directory, as does “The Hacker Playbook 2.” The reason I recommend this is because active directory is widely used in the majority of environments around the world and it is necessary to know about it.

The Exam

Now, coming to the exam part, which took me a few hours to finish. The exam was pretty easy and will be easy even if you don’t have any previous experience with penetration testing, as the exam does not cover everything you learn in the content, which I see as another con, alongside the unstable exam environment. It will be enough for you to study the content and solve the labs. And at the end, I would recommend the course for sure, but it’s important to consider the recognition of the certificate in the market or in the country you are targeting, as it may not be recognized in some areas.

Resources:

Information Gathering: https://vk9-sec.com/red-team/information-gathering/, https://web.archive.org/web/20200309204648/http://www.0daysecurity.com/penetration-testing/enumeration.html

Exploitation: https://vk9-sec.com/red-team/exploitation/

Post-Exploitation: https://web.archive.org/web/20150317144317/https:/n0where.net/linux-post-exploitation, https://vk9-sec.com/category/red-team/post-exploitation/linux-post-exploitation/, https://vk9-sec.com/red-team/post-exploitation/

Pivoting: https://fuzzysecurity.com/tutorials/25.html, https://catharsis.net.au/blog/network-pivoting-and-tunneling-guide/, https://hackmag.com/security/windows-pivoting/, https://pentest.blog/explore-hidden-networks-with-double-pivoting/

Cheatsheet: https://drive.google.com/file/d/1wC7RMTrWjt74rO8u4X-zM89T_hZzF_A5/view

Notes: https://drive.google.com/file/d/1H0Iq0_oU6-oUOkpzDZclUjw1EbsZWWiW/view, https://zer0verflow.gitbook.io/ecpptv2-notes/