Mobile · Red Team · Red Team
Mobile banking iOS+Android pentest · root/jailbreak bypass · MASVS L2
A top-5 bank requested an authorized mobile pentest from DSET. Target: jailbreak/root detection bypass, MitM, cert pinning bypass, and screen recording protection in the iOS+Android mobile banking app. OWASP MASVS L2 compliance target. 21 business days. You will make 11 critical decisions in sequence.
Before you start the scenario
- You are the decision-maker in this incident · every choice leaves time/cost/reputation behind
- There are no wrong answers · just like in real life · but some paths are more expensive
- You can restart it anytime · try different paths
- At the end, a 3-axis score + alternative routes are shown