[Article]-Video: An Insider’s Look at the Smartphone Pentest Framework



User avatar


Posts: 4270

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Sep 25, 2012 11:26 am

[Article]-Video: An Insider’s Look at the Smartphone Pentest Framework

As promised, we're heading in the direction of being more technical in Georgia's column. The first one was needed to give readers a good overview. This article is meant to give you a solid foundation from which to start mobile hacking. And next month, Georgia goes a little deeper into SPF. After we have a firm grasp of how to use SPF for pen testing, then the following months will start to get even more technical. Should be fun!!

Be sure to check out her free webcast and lowcost online training!!  ;)

Permanent link: [Article]-Video: An Insider’s Look at the Smartphone Pentest Framework


By Georgia Weidman, M.S., CISSP, NIST 4011, OSCP

In, Mobile Hacking 101, the first article in my new column on The Ethical Hacker Network, I felt it was appropriate to start from the beginning. Offer up a primer if you will to give the readers a brief synopsis of where we’ve been and where we’re heading in regards to smartphones, their security and their determined march into the enterprise. Now that the basics have been covered, it’s now time to start digging deeper into the technical aspects of smartphone security. The logical next step is to set the foundation of a mobile penetration testing lab and eventually enter the live testing phase. That’s where the Smartphone Pentest Framework (SPF) enters the picture. Being the developer of this project, I thought it might be interesting to give you a personal tour.

Often when I try to tell people about SPF, they naturally jump to the conclusion that this is a tool to let you run Nmap or Metasploit on a smartphone. While that is certainly cool, it's been done before. SPF takes the opposite angle. Instead of pentesting from a smartphone (though some attacks in SPF can be launched from an on-device app), our goal is to instead perform a pentest of the mobile devices themselves. As mobile devices are joining more corporate networks every single day, do organizations have a security standard in place? If so, is it being properly enforced? Even if it is, do the smartphones in the environment open you up to total compromise as they access internal networks with direct access to sensitive resources, receive and store sensitive emails, and a wide variety of other security red flags? For this reason, all mobile devices should be in your organizations’ penetration testing activities. Like Metasploit for network pen testing, SPF is a tool to help make it easier to pen test those pesky mobile devices.

As always, let us know what you think of these articles and if there's something specific you'd like Georgia to cover,
Last edited by don on Tue Sep 25, 2012 11:51 am, edited 1 time in total.


User avatar

Hero Member
Hero Member

Posts: 1718

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Sep 25, 2012 11:32 am

Re: [Article]-Video: An Insider’s Look at the Smartphone Pentest Framework

Thanks, Georgia.  Looking forward to more of the same, and seeing what's next.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'

OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)

Return to Weidman

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software