+ Reply to Thread
Results 1 to 16 of 16
  1. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #1

    Default eLearnSecurity MASPT

    I purchased the course over a year ago and am finally going to start it. Going to focus on Android, as that is what I deal with mainly at work and also that's what the certification is based on. Programming wise I've been working on Java and figure, for the most part, I can fumble my way through. I'll be posting my progress here and it will be the first at home certification I've studied for in some time!
    WIP:
    Python
    Java
    Reply With Quote Quote  

  2. SS
  3. Member
    Join Date
    Jun 2015
    Posts
    50

    Certifications
    Security+ eJPT
    #2
    Good luck man! Keep us in the loop.

    I was thinking about doing this one too but I was too tempted with the others...
    Reply With Quote Quote  

  4. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #3
    Welp, did the first two sections and overall I am happy with the content. I know a lot of people pointed out that all the information for the course could be gathered via Google and that is certainly true. This point is driven home by the fact that throughout all the presentations they provide outside links that can be used for further research. That being said, it is nice to get everything in one spot and be guided on the basics then told where to go for a deeper dive. Like any training course, you can always do your own research and learn it on your own, but that is time consuming and sometimes you just don't know where you should begin.

    I have two cons to point out based on the limited content I have completed thus far. First, the teacher is very monotone. Go on Udemy and you will find any number of instructors who can at least sound excited about what they are teaching. Clearly he knows his stuff and his tone doesn't put you to sleep, but a little excitement would be nice. Second, I would have liked to see a little more of the instructor going through the material. Yes I can read the slides myself, but typically an instructor will add some anecdotes to what is being covered. It seems most of the videos come at the end and he does certainly cover what was on the slides. For my learning style, visuals with audio tend to drive topics home for me.

    So far so good! Labs don't start till section four so it's nice to just go through and listen/watch for a bit.
    WIP:
    Python
    Java
    Reply With Quote Quote  

  5. Member
    Join Date
    Jul 2015
    Posts
    68

    Certifications
    CEH, ECSA, eCPPT, OSCP, (MASPT), (CPSA)
    #4
    Hi the_grinch,

    Just wondering, I bought the same course but it was version 1 couple of years ago and now they have latest as v2. Not sure of the difference between v1 and v2. Are you doing V2 MASPT ?

    I did complete few modules when I bought two years back. But then moved to Finish OSCP first and then take up this course later, but they have launched V2 and upgrade costs $400. Just thinking on that angle.....

    Cheers
    Reply With Quote Quote  

  6. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #5
    I did get version 2 as they announced it and offered an initial discount.
    WIP:
    Python
    Java
    Reply With Quote Quote  

  7. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #6
    Ok, so today I completed section 3 and most of 4. This is definitely some of the most interesting training I have been through. I worked for almost three hours and by the end all I could think was "wow someone actually figured all of this out". Section 4 was the first one to have labs and it covers reversing an apk. They definitely take you step by step, for the most part, and the first lab was pretty easy. It was just meant to get you looking at everything and doing the basic steps. The second lab is where you do a little work, but this is where I have an issue.

    They give you all the source code for the app (which by the nature of the section defeats the purpose of what you are trying to do). As I read through the lab they point out where to go, within the source files, to get the apk. Personally, I felt this should have been covered in the beginning or they should have just given you the apk. So here I am looking at the source code, guessing at what the app does (simple when you have the code) and finding the information that they were looking for. Further down they say "go here for the apk" and then I have the Homer Simpson moment. So I get the apk and do everything I learned to start looking at the source from there.

    The only other issue I have is that I don't recall them discussing installing the app onto a device via adb. Here I am running an adb command and it's saying no emulator. Do a quick Google search and find out I'm supposed to plug a phone in. No biggie, but maybe knowing upfront would have been better.

    As I stated, definitely one of the most interesting courses I have taken and it does require you doing some research to get through it.

    Key Takeaways:

    1. All the tools appear to be able to be run on any OS
    2. If using Linux, you'll get some permission issues that you need to take care of
    3. You should definitely have cursory knowledge of Java and Android programming - you will need to follow how the program functions and in my case, not realizing I needed to install the app, having that cursory knowledge allowed me to visualize how the app worked just from the code I could see - plus once you install the app you can test to see if what you found is right

    Loving it so far!
    WIP:
    Python
    Java
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Feb 2016
    Posts
    121

    Certifications
    CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #7
    The course is really up-to-date and has a lot of information, but I also recommend checking out the Android for Pentesters course from Pentester Academy. It seems to be discontinued, but some videos are available on youtube.Also, don't worry about the exam, it is possible to find the killchain in a 1-2 hours and you can write the exploit app in 2-4 hours without any android coding experience. Have fun!
    Reply With Quote Quote  

  9. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #8
    Awesome! Thanks for the info!!
    WIP:
    Python
    Java
    Reply With Quote Quote  

  10. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #9
    Haven't been slacking. I haven't continued with section four due to work, but I have been reading Android Hacker's Handbook. Should be picking up with section four this week.
    WIP:
    Python
    Java
    Reply With Quote Quote  

  11. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #10
    Today I completed another lab in part 4. I was a bit teed off, but released that was largely because I should have cleaned out the director of was working in. I got through about 85% of the lab, but had to peak at the answer to fully get it. Now that I know what other steps may be required I'll keep a lookout in the future.
    WIP:
    Python
    Java
    Reply With Quote Quote  

  12. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #11
    Completed sections 4, 5 and 6 today. Last night I did some reversing on a regular app and found some interesting stuff. Definitely going to finish everything up, along with reviewing Java and then attacking the Goat app before submitting for the test.
    WIP:
    Python
    Java
    Reply With Quote Quote  

  13. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,632

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security, MSISA, BSBA
    #12
    Good work Grinch. I’ve been following your thread even though I haven’t been posting. Since you did some reversing on a regular app, I take it the course prepares you well enough that when you’re done you can go and apply it anywhere.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up:​ eJPT, eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
    Reply With Quote Quote  

  14. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #13
    It certainly does! What was interesting was I reversed the app and saw something very weird in one part of it. Low and behold, after completing section 4, I realized that it had been obfuscated. What I found most interesting about it is that the piece that was obfuscated was from another company and the main pieces of the app were not obfuscated at all. Of course the piece that was obfuscated is the piece I was most concerned with exploiting, but hey can't always be easy right?

    So far I will say there is a decent balance of the teacher providing you information and there being a requirement that you do somethings on your own. You're not spoon-fed, but at the same time they walk you through pretty well. My only other critique is that there should be more labs. I prefer doing a section and there being some sort of lab, but that isn't the case with the course. Obviously, you can lab on your own, but nice to have some guidance. Last piece, I do think you should know some Java (and they do state this in the pre-reqs). You could squeak by, but I'd really recommend that you brush up on it. I'm doing this as going through the course and it seems to be alright.
    WIP:
    Python
    Java
    Reply With Quote Quote  

  15. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,005

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #14
    Completed sections 8 and 9 today at lunch. I do need to do the labs, but they didn't seem too difficult. 2 more sections to go and in theory I could take the exam.
    WIP:
    Python
    Java
    Reply With Quote Quote  

  16. Junior Member
    Join Date
    Aug 2015
    Posts
    26
    #15
    looking forward to hearing from you on the outcome of the exam. good luck
    Reply With Quote Quote  

  17. Member
    Join Date
    Jul 2015
    Posts
    68

    Certifications
    CEH, ECSA, eCPPT, OSCP, (MASPT), (CPSA)
    #16
    Hello Grinch,

    Any update about your MASPT? Hope you have taken your exam and passed in flying colours.

    Let us know your review and feedback.....Looking forward,

    I'm about to start MASPT, will write update sooner.

    Ciao
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks