This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
GMOB
The GMOB certification equips security professionals with practical skills to evaluate mobile device architecture, test applications, secure networks, manage MDM/EMM/UEM solutions, and conduct mobile forensics, ensuring enterprise mobile security.
Who Should Take This
It is designed for mid‑level security analysts, penetration testers, or IT administrators with two to three years of experience who manage or assess mobile environments. Learners aim to validate expertise, enhance threat‑modeling capabilities, and lead mobile security programs within enterprise settings.
What's Covered
- Domain 1: Mobile Device Architecture and Security Models
- Domain 2: Mobile Application Security Testing
- Domain 3: Mobile Network Security
- Domain 4: MDM, EMM, and UEM Solutions
- Domain 5: Mobile Forensics
- Domain 6: Bluetooth, NFC, and WiFi Attacks on Mobile Devices
- Domain 7: Mobile Threat Landscape and Malware
What's Included in AccelaStudy® AI
Course Outline
60 learning goals
Domain 1: Mobile Device Architecture and Security Models
2 topics
Mobile platform security architecture
- Describe iOS security architecture including Secure Enclave processor, code signing enforcement, App Sandbox isolation, data protection classes, and the Secure Boot chain from bootROM to kernel
- Describe Android security architecture including SELinux mandatory access control, APK signature verification, application sandbox model, verified boot process, and hardware-backed keystore mechanisms
- Identify mobile operating system kernel architectures including XNU on iOS and Linux kernel on Android with their respective privilege separation, memory protection, and inter-process communication mechanisms
- Compare iOS and Android security models to evaluate relative strengths in application isolation, update delivery cadence, permission enforcement granularity, and hardware security module integration
Mobile application and data security fundamentals
- Describe mobile application distribution models including Apple App Store review process, Google Play Protect scanning, enterprise sideloading via MDM, and the security implications of each channel
- Identify mobile application data storage mechanisms including iOS Keychain, Android EncryptedSharedPreferences, SQLite databases, and file-based storage with their associated security properties
- Describe jailbreak and root detection mechanisms including SafetyNet Attestation, Play Integrity API on Android, and jailbreak detection libraries on iOS with their bypass characteristics
Domain 2: Mobile Application Security Testing
2 topics
Static and dynamic analysis techniques
- Implement static analysis of Android applications using jadx, apktool, and MobSF to decompile APK files, review manifest permissions, and identify hardcoded secrets and insecure configurations
- Implement static analysis of iOS applications using class-dump, Hopper, and otool to inspect Mach-O binaries, identify exposed Objective-C methods, and review entitlement configurations
- Execute dynamic analysis of mobile applications using Frida for runtime method hooking, SSL pinning bypass, root/jailbreak detection circumvention, and API call tracing on both platforms
- Implement mobile API security testing using Burp Suite with mobile proxy configuration to intercept HTTPS traffic, test authentication token handling, and identify parameter tampering vulnerabilities
- Analyze mobile application vulnerability findings against OWASP Mobile Top 10 categories to prioritize remediation efforts and assess business impact of identified security weaknesses
Mobile application penetration testing
- Execute Android application penetration testing using Drozer to enumerate exposed attack surfaces including content providers, broadcast receivers, activity components, and service endpoints
- Implement mobile application binary patching to bypass client-side security controls, modify application logic, and inject instrumentation code for advanced security testing scenarios
- Apply mobile application cryptographic analysis to identify weak encryption implementations, insecure key storage practices, and certificate validation bypass opportunities on iOS and Android
- Implement Android intent and deep link security testing to identify intent injection, URL scheme hijacking, and cross-application data leakage through insecure inter-component communication
- Execute iOS URL scheme and Universal Links security testing to identify scheme hijacking, clipboard data leakage, and keychain access control bypass in application communication flows
- Implement mobile application reverse engineering using Ghidra and IDA Pro to analyze native library components, identify anti-tampering mechanisms, and discover hidden functionality in compiled code
- Evaluate mobile application security posture by synthesizing static analysis, dynamic testing, and network-level findings into comprehensive risk assessment reports with remediation guidance
- Assess mobile application data leakage risks by analyzing backup extraction, clipboard monitoring, screenshot caching, keyboard cache, and application log output across both platforms
Domain 3: Mobile Network Security
1 topic
Mobile network interception and defense
- Describe cellular network security architecture including 4G LTE authentication and key agreement protocols, 5G NR security enhancements, and known vulnerability classes in radio access networks
- Identify mobile VPN technologies including IPsec IKEv2, WireGuard, and per-app VPN policies with their configuration requirements for securing mobile device communications over untrusted networks
- Describe mobile certificate pinning implementations including static pinning, dynamic pinning, HPKP, and certificate transparency validation with their respective bypass difficulty levels
- Implement rogue access point attacks using hostapd-mana and WiFi-Pumpkin to create evil twin networks for intercepting mobile device traffic and harvesting credentials in authorized tests
- Execute mobile network traffic interception and analysis using mitmproxy and Wireshark to identify insecure API calls, cleartext data transmission, and certificate validation failures
- Implement IMSI catcher detection techniques and assess mobile device exposure to fake base station attacks using SnoopSnitch and cell tower analysis tools in controlled environments
- Analyze mobile network security configurations to evaluate the effectiveness of certificate pinning, VPN enforcement, and network-level protections against interception and downgrade attacks
- Assess mobile application network communication security by comparing protocol implementations, TLS configuration quality, and data-in-transit protection across application portfolios
Domain 4: MDM, EMM, and UEM Solutions
1 topic
Enterprise mobility management and security
- Describe MDM, EMM, and UEM solution architectures including device enrollment workflows, policy enforcement mechanisms, and the evolution from basic MDM to unified endpoint management platforms
- Identify BYOD, COPE, and COBO deployment models with their respective security policy requirements, data separation techniques, compliance monitoring approaches, and user privacy implications
- Describe zero trust architecture principles applied to mobile devices including continuous device posture assessment, conditional access policies, and risk-based authentication for mobile endpoints
- Implement MDM security policies including device encryption enforcement, passcode complexity requirements, remote wipe capabilities, application whitelisting, and geofencing restrictions
- Configure mobile application management policies including app wrapping, managed app configuration, per-app VPN, and containerization for enterprise data separation on personal devices
- Execute MDM bypass and evasion techniques in authorized testing environments to assess enrollment enforcement gaps, policy compliance validation, and jailbreak detection effectiveness
- Implement mobile threat defense integration with UEM platforms to configure automated threat response actions including device quarantine, conditional access restriction, and compliance remediation
- Evaluate MDM/UEM deployment effectiveness by assessing policy coverage, compliance rates, enrollment completeness, and resilience against bypass techniques across the device fleet
Domain 5: Mobile Forensics
1 topic
Mobile device forensic acquisition and analysis
- Describe mobile forensic acquisition methods including logical extraction, file system acquisition, physical acquisition, cloud-based acquisition, and chip-off techniques with evidence integrity considerations
- Identify key mobile forensic artifacts on iOS including SQLite databases, plist files, call history, SMS and iMessage stores, location services data, and application-specific data containers
- Identify key mobile forensic artifacts on Android including content provider databases, application sandbox data, ADB backup contents, Google account sync data, and media metadata stores
- Implement mobile device forensic acquisition using Cellebrite UFED and open-source tools including libimobiledevice for iOS and ADB-based extraction methods for Android device imaging
- Execute mobile application data extraction and analysis to recover deleted messages, reconstruct browsing history, extract cached credentials, and map user communication patterns
- Implement mobile cloud data acquisition by extracting iCloud, Google account, and third-party cloud service backups to supplement on-device forensic evidence with cloud-stored artifacts
- Execute mobile device location forensics by analyzing GPS coordinates, cell tower records, WiFi connection logs, and application-specific location data to reconstruct movement timelines
- Analyze mobile forensic evidence to reconstruct user activity timelines, correlate artifacts across applications, assess evidence completeness, and evaluate the impact of encryption on data recovery
Domain 6: Bluetooth, NFC, and WiFi Attacks on Mobile Devices
1 topic
Wireless protocol exploitation targeting mobile devices
- Describe Bluetooth protocol stack architecture including Classic Bluetooth, BLE (Bluetooth Low Energy), pairing mechanisms, and known attack classes including BlueBorne, KNOB, and BLURtooth
- Identify NFC technology stack including NDEF message format, tag types I through V, HCE (Host Card Emulation), and relay attack vectors against contactless payment and access control systems
- Describe WiFi security protocols including WPA2-Personal, WPA2-Enterprise with 802.1X, WPA3-SAE, and OWE with their respective vulnerability classes and mobile device implementation specifics
- Implement Bluetooth reconnaissance and BLE exploitation using hcitool, Bettercap, and GATTacker to enumerate services, intercept pairing exchanges, and exploit insecure GATT characteristics
- Execute NFC relay attacks and tag cloning using Proxmark3 and libnfc to demonstrate vulnerabilities in contactless payment systems and NFC-based physical access control implementations
- Implement WiFi attacks targeting mobile devices including KARMA/MANA rogue AP attacks, WPA2 four-way handshake capture, WPA3-SAE Dragonblood vulnerabilities, and PMKID-based offline attacks
- Execute Bluetooth Low Energy device tracking and privacy analysis to assess BLE beacon exposure, advertising data leakage, and device fingerprinting risks on mobile platforms
- Analyze wireless attack results to assess mobile device exposure to Bluetooth, NFC, and WiFi attack vectors and evaluate the effectiveness of platform-specific wireless security configurations
- Compare wireless protocol security across iOS and Android to evaluate platform differences in Bluetooth pairing enforcement, WiFi connection security defaults, and NFC data protection mechanisms
Domain 7: Mobile Threat Landscape and Malware
1 topic
Mobile malware and threat intelligence
- Describe mobile malware categories including trojans, spyware, ransomware, banking malware, and adware with their infection vectors, persistence mechanisms, and platform-specific behaviors on iOS and Android
- Identify mobile phishing and social engineering attack vectors including SMS phishing (smishing), deep link abuse, malicious QR codes, progressive web app impersonation, and app store lookalike attacks
- Describe mobile spyware capabilities including Pegasus-style zero-click exploits, commercial surveillance tools, stalkerware applications, and their indicators of compromise on mobile devices
- Implement mobile malware analysis using static decompilation and dynamic sandbox execution to identify malicious behaviors including data exfiltration, keylogging, screen recording, and C2 communication
- Execute mobile device compromise detection by analyzing running processes, network connections, installed certificates, configuration profiles, and battery consumption anomalies for spyware indicators
- Assess mobile threat landscape trends by analyzing malware prevalence data, emerging attack technique evolution, and platform-specific vulnerability patterns for organizational risk evaluation
- Evaluate organizational mobile security posture by assessing device fleet composition, OS version distribution, application risk profiles, and threat exposure against current mobile threat intelligence
Scope
Included Topics
- All domains covered by the GIAC GMOB certification aligned with SANS SEC575: iOS and Android Application Security Analysis and Penetration Testing, including mobile platform architecture, application security testing, network security, MDM/EMM/UEM solutions, mobile forensics, wireless attacks, and mobile threat landscape.
- Mobile application security testing methodologies for both iOS and Android platforms including static analysis, dynamic analysis, runtime instrumentation with Frida, API interception, binary patching, and reverse engineering techniques.
- Enterprise mobility management including MDM, EMM, and UEM solution deployment, BYOD/COPE/COBO models, application management policies, mobile threat defense integration, and compliance monitoring for organizational mobile security.
- Wireless attack techniques targeting mobile devices including Bluetooth Classic and BLE exploitation, NFC relay attacks, WiFi evil twin and rogue AP attacks, and cellular network interception methods.
- Mobile forensic acquisition and analysis techniques for both iOS and Android platforms using commercial tools (Cellebrite) and open-source alternatives including cloud-based evidence acquisition.
Not Covered
- Advanced exploit development and memory corruption techniques for mobile platforms covered by GIAC GXPN at the binary exploitation level.
- Full mobile malware reverse engineering and advanced persistent threat analysis covered by GIAC GREM at the deep binary analysis level.
- Enterprise network security architecture and defensive operations beyond mobile-specific concerns covered by GIAC GCIA or GCIH.
- Desktop and server operating system security testing not directly related to mobile device security assessment.
- Carrier-level cellular infrastructure security and SS7/Diameter protocol exploitation beyond the scope of device-level security testing.
Official Exam Page
Learn more at GIAC Certifications