n0ps

Certified iOS Security Engineer (CISE) Review



The Certified iOS Security Engineer (CISE) is a mobile security course focused on iOS application testing put together by 8kSec. I went through their training covering mobile malware analysis but opted for the CISE instead of the Certified Mobile Malware Reverse Engineer (CMMRE). I did this because it mostly reflects my day-to-day work and what I personally specialize in professionally, though I plan on taking the CMMRE in the future.

The Exam

The exam is very straightforward: you have 24 hours to provide screenshots with an explanation of each issue or vulnerability found, then 12 hours for report writing afterwards. I find this very similar to the OffSec exams. Once the 24 hours are up, you lose access to your Corellium account. All the applications and software you need are on the provided Corellium device. You will not have to waste time installing tools or tweaks on the virtual device.

Your ability to find various vulnerabilities and bypasses for iOS applications will be tested. This can be anything from bypassing common protections to writing custom scripts. Additionally, you will need familiarity with common tools for static and dynamic analysis, such as Frida, Ghidra, Hopper, lldb, and other mobile-related tooling.

Conclusion

I would suggest this course to anyone with prior experience as a mobile security penetration tester or security engineer. It definitely touches on some material and topics I use in my day-to-day role, meaning this is very hands-on.

But it is more of an intermediate-level exam, so if you go through the training with 8kSec, take time to study the material. The price point for this course and exam is a bit higher, but you do get what you pay for in terms of the training content.

Resources

8kSec blog: https://8ksec.io/blog/

Frida: https://frida.re/docs/javascript-api/

Hopper: https://www.hopperapp.com/

lldb: https://lldb.llvm.org/