N/A When many people hear Smartphone Pentest Framework they think that this tool lets you run attack tools from a smartphone. Instead this tool lets you assess the security posture of smartphone devices. As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial to be able to assess the security posture of these devices in much the same way we perform penetration tests on workstations and servers. However, smartphones have unique attack vectors that are not currently covered by available industry tools. The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. In this workshop, attendees will get a hands-on introduction to using SPF. We will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how security teams can leverage this framework, and penetration testers to gain an understanding of the security posture of the smartphones in an organization. We will also show how to use the framework through a command line console, a graphical user interface, and a smartphone based app. Attendees will gain hands-on experience assessing multiple smartphone platforms.