mobile-security
Mobile application security testing — Android (smali, Frida, IL2CPP, Flutter AOT, root detection), iOS (jailbreak, Objection).
| Field | Value |
| --- | --- |
| name | mobile-security |
| description | Mobile application security testing — Android (smali, Frida, IL2CPP, Flutter AOT, root detection), iOS (jailbreak, Objection). |
Security testing of mobile applications, with emphasis on static analysis of compiled artifacts (Dart AOT snapshots, Unity IL2CPP, native ARM64 libraries, smali bytecode) before reaching for dynamic instrumentation. Covers the toolchain selection puzzle (blutter / doldrums / reFlutter for Flutter; Il2CppDumper for Unity; jadx + apktool for stock Android), envelope reverse-engineering for crypto-wrapped APIs (RSA-OAEP key wrapping, AES-CBC body encryption, base64 header transport), TLS pinning bypass, and root/jailbreak detection bypass. Static dump first; dynamic Frida/Objection only when static is insufficient.
- lib/arm64-v8a/libapp.so present) — needs Dart-aware decompiler.
- libil2cpp.so + global-metadata.dat) — needs Il2CppDumper.
- dlopen of an Android .so with a Bionic→glibc forwarder + strcmp/memcmp interceptor to dump expected values without Frida or an emulator.
- .so validates input via hundreds of polynomial-hash dispatcher functions and constructs the secret deterministically from input bytes (HTB WonderSMS pattern); use Z3 over the chain rather than emulating.