Dynamic Instrumentation — Android Penetration Testing
Frida-first guide to hooking live processes: attach, trace, and rewrite method behaviour without rebuilding the APK.
All writeups →
Recent Work
Mobile Hacking Labs: CyclicScanner
Dismantled Android apps through RCE exploits—command injection in CyclicScanner, from discovery to impact.
All writeups →vAPI Walkthrough
Full API security lab: BOLA, mass assignment, SSRF, and OWASP API Top 10 patterns end to end.
All writeups →Certifications
CMPen Android
The SecOps Group
API Security
APISec University
Certified in Cybersecurity
ISC2
Credly Verified
Credly
Capabilities
Web Pentesting
Burp Suite Pro, Postman, sqlmap, ffuf, Nuclei
OWASP Top 10 coverage, authentication bypasses, and business-logic flaws across modern web stacks.
Mobile Pentesting
Frida, Objection, Jadx, MobSF, Apktool
Android assessments: reverse engineering, insecure storage, intents, and weak crypto in production apps.
API & Cloud
REST, GraphQL, AWS, Azure, GitHub Actions
API abuse, BOLA/BFLA patterns, and CI/CD misconfigurations that leak secrets or widen blast radius.